TSG-13934: 扫描APP命中monitor策略后,扫描IP+APP命中intercept策略,未正常执行intercept动作
This commit is contained in:
liuxueli
@@ -344,6 +344,100 @@ TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
|
||||
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
|
||||
}
|
||||
|
||||
extern void set_security_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq);
|
||||
|
||||
TEST(TSGMaster, SecurityPolicyIntercept)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
|
||||
struct identify_info identify_info;
|
||||
|
||||
security_result[1].action=TSG_ACTION_INTERCEPT;
|
||||
security_result[1].config_id=TSG_ACTION_INTERCEPT;
|
||||
|
||||
// Set Intercept
|
||||
set_security_result_to_project((struct streaminfo *)&a_stream, &security_result[1], 1, PULL_KNI_RESULT, 0);
|
||||
|
||||
int ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_FW_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(0, ret);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_KNI_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_ALL_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
|
||||
|
||||
struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
|
||||
EXPECT_NE(nullptr, priority_label);
|
||||
EXPECT_EQ(1, priority_label->security_result_num);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].config_id);
|
||||
|
||||
free_policy_label(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
|
||||
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
|
||||
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
|
||||
}
|
||||
|
||||
|
||||
TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
|
||||
{
|
||||
const struct streaminfo a_stream={0};
|
||||
struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
|
||||
struct identify_info identify_info;
|
||||
|
||||
security_result[0].action=TSG_ACTION_MONITOR;
|
||||
security_result[0].config_id=TSG_ACTION_MONITOR;
|
||||
|
||||
security_result[1].action=TSG_ACTION_INTERCEPT;
|
||||
security_result[1].config_id=TSG_ACTION_INTERCEPT;
|
||||
|
||||
// First Monitor, second Intercpt
|
||||
tsg_notify_hited_security_result(&a_stream, &security_result[0], 1, 0);
|
||||
|
||||
int ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_KNI_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(0, ret);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_FW_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].config_id);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_ALL_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].config_id);
|
||||
|
||||
// Set Intercept
|
||||
set_security_result_to_project((struct streaminfo *)&a_stream, &security_result[1], 1, PULL_KNI_RESULT, 0);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_FW_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(0, ret);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_KNI_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
|
||||
|
||||
ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_ALL_RESULT, &(security_result[2]), 1, &identify_info);
|
||||
EXPECT_EQ(1, ret);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
|
||||
|
||||
struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
|
||||
EXPECT_NE(nullptr, priority_label);
|
||||
EXPECT_EQ(1, priority_label->security_result_num);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].action);
|
||||
EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].config_id);
|
||||
|
||||
free_policy_label(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
|
||||
stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
|
||||
EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
TSG_MASTER_INIT();
|
||||
|
||||
Reference in New Issue
Block a user