From 3966b2963ab9c0e7a09efb25e270dce126279c80 Mon Sep 17 00:00:00 2001 From: fengweihao Date: Tue, 5 Nov 2024 14:58:30 +0800 Subject: [PATCH] Added test cases for negate hit paths and multiple objects --- test/resource/HitPolicyRequest.json | 47 +++++++++++ test/resource/HitPolicyResult.json | 91 +++++++++++++++++++++ test/resource/VerifyPolicyManipulation.json | 64 ++++++++++++++- test/verify_policy_test.cpp | 87 ++++++++++++++------ 4 files changed, 263 insertions(+), 26 deletions(-) diff --git a/test/resource/HitPolicyRequest.json b/test/resource/HitPolicyRequest.json index 85d5aa0..ec342c3 100644 --- a/test/resource/HitPolicyRequest.json +++ b/test/resource/HitPolicyRequest.json @@ -374,6 +374,53 @@ } ], "verify_type": "policy" + }, + { + "__item_id": 10, + "vsys": 1, + "verify_list": [ + { + "type": "proxy_manipulation", + "vsys": 1, + "verify_session": { + "attributes": [ + { + "attribute_value_type": "numeric", + "attribute_name": "ATTR_IP_PROTOCOL", + "attribute_value": { + "addr_type": 4, + "numeric": 1 + } + } + ] + } + } + ], + "verify_type": "policy" + }, + { + "__item_id": 11, + "vsys": 1, + "verify_list": [ + { + "type": "proxy_manipulation", + "vsys": 1, + "verify_session": { + "attributes": [ + { + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", + "attribute_value": { + "ip": "10.1.1.1", + "port":"8080", + "addr_type": 4 + } + } + ] + } + } + ], + "verify_type": "policy" } ] } \ No newline at end of file diff --git a/test/resource/HitPolicyResult.json b/test/resource/HitPolicyResult.json index 77042ad..539e6e0 100644 --- a/test/resource/HitPolicyResult.json +++ b/test/resource/HitPolicyResult.json @@ -702,6 +702,97 @@ } }, "success": true + }, + { + "__item_id": 10, + "code": 200, + "msg": "Success", + "data": { + "hit_rules": [ + { + "uuid": "00101028-0000-0000-0000-000000000000", + "policyName": "", + "is_execute": true, + "top_object_list": [ + { + "object_uuid": "00000000-0000-0000-0000-000000000006", + "attribute_name": "ATTR_IP_PROTOCOL", + "negate_option": 1, + "condition_index": 0 + } + ] + } + ], + "verify_session": { + "attributes": [ + { + "attribute_value_type": "numeric", + "attribute_name": "ATTR_IP_PROTOCOL", + "attribute_value": { + "addr_type": 4, + "numeric": 1 + }, + "hit_paths": [ + { + "item_uuid": "00000000-0000-0000-0000-000000000000", + "superior_object_uuid": "00000000-0000-0000-0000-000000000005" + } + ] + } + ] + } + }, + "success": true + }, + { + "__item_id": 11, + "code": 200, + "msg": "Success", + "data": { + "hit_rules": [ + { + "uuid": "00101029-0000-0000-0000-000000000000", + "policyName": "", + "is_execute": true, + "top_object_list": [ + { + "object_uuid": "00000000-0000-0000-0000-000000090100", + "attribute_name": "ATTR_SOURCE_IP", + "negate_option": 0, + "condition_index": 0 + } + ] + } + ], + "verify_session": { + "attributes": [ + { + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", + "attribute_value": { + "ip": "10.1.1.1", + "port": "8080", + "addr_type": 4 + }, + "hit_paths": [ + { + "item_uuid": "00000000-0000-0000-0000-000000001016", + "superior_object_uuid": "00000000-0000-0000-0000-000000090100" + }, + { + "item_uuid": "00000000-0000-0000-0000-000000001015", + "superior_object_uuid": "00000000-0000-0000-0000-000000090100" + }, + { + "item_uuid": "00000000-0000-0000-0000-000000001014", + "superior_object_uuid": "00000000-0000-0000-0000-000000090100" + } + ] + } + ] + } + }, + "success": true } ] } \ No newline at end of file diff --git a/test/resource/VerifyPolicyManipulation.json b/test/resource/VerifyPolicyManipulation.json index c131acc..0696115 100644 --- a/test/resource/VerifyPolicyManipulation.json +++ b/test/resource/VerifyPolicyManipulation.json @@ -504,8 +504,70 @@ ] } ] + }, + { + "uuid": "00101028-0000-0000-0000-000000000000", + "service": 1, + "action": "manipulate", + "blacklist_option": 1, + "log_option": "all", + "action_parameter": "anything", + "is_valid": "yes", + "and_conditions": [ + { + "attribute_name": "ATTR_IP_PROTOCOL", + "negate_option": true, + "object_uuids": [ + "00000000-0000-0000-0000-000000000006" + ] + } + ] + }, + { + "uuid": "00101029-0000-0000-0000-000000000000", + "service": 1, + "action": "manipulate", + "blacklist_option": 1, + "log_option": "all", + "action_parameter": "anything", + "is_valid": "yes", + "and_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "negate_option": false, + "objects": [ + { + "object_name": "IPv4TCPSoureMultipleObject", + "uuid": "00000000-0000-0000-0000-000000090100", + "items": [ + { + "table_name": "TSG_OBJ_IP_ADDR", + "table_type": "ip", + "table_content": { + "ip": "10.1.1.1/8" + } + }, + { + "table_name": "TSG_OBJ_IP_ADDR", + "table_type": "ip", + "table_content": { + "ip": "10.1.1.1/24" + } + }, + { + "table_name": "TSG_OBJ_IP_ADDR", + "table_type": "ip", + "table_content": { + "ip": "10.1.1.1/32" + } + } + ] + } + ] + } + ] } - ], + ], "plugin_table": [ { "table_name": "FQDN_ENTRY", diff --git a/test/verify_policy_test.cpp b/test/verify_policy_test.cpp index 15ef658..a32c492 100644 --- a/test/verify_policy_test.cpp +++ b/test/verify_policy_test.cpp @@ -236,6 +236,17 @@ TEST(VerifyPolicy, CheckRegexExpression) FREE(&hit_policy_query); } + +int g_global_enable = 0; +void verify_policy_print_result(char *hit_policy_query, char *hit_policy_result, int enable) +{ + int should_print = g_global_enable || enable; + if (should_print) { + printf("hit_policy_query = %s\n", hit_policy_query); + printf("hit_policy_result = %s\n", hit_policy_result); + } +} + TEST(VerifyPolicy, HitIpAddrPolicy) { char *hit_policy_request = select_hit_policy_request_item(9); @@ -249,6 +260,8 @@ TEST(VerifyPolicy, HitIpAddrPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -258,28 +271,54 @@ TEST(VerifyPolicy, HitIpAddrPolicy) FREE(&hit_policy_result); } -TEST(VerifyPolicy, HitNegateIpAddrPolicy) +TEST(VerifyPolicy, HitNegateProtocolPolicy) { - + char *hit_policy_request = select_hit_policy_request_item(10); + ASSERT_TRUE(hit_policy_request != NULL); + char *hit_policy_result = select_hit_policy_result_item(10); + ASSERT_TRUE(hit_policy_result != NULL); + + cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + + char *hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); + + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+17, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + FREE(&hit_policy_request); + FREE(&hit_policy_result); } -TEST(VerifyPolicy, HitIntegerPolicy) +TEST(VerifyPolicy, HitMultipleObjectPolicy) { + char *hit_policy_request = select_hit_policy_request_item(11); + ASSERT_TRUE(hit_policy_request != NULL); + char *hit_policy_result = select_hit_policy_result_item(11); + ASSERT_TRUE(hit_policy_result != NULL); + cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + char *hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); + + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+17, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + FREE(&hit_policy_request); + FREE(&hit_policy_result); } -TEST(VerifyPolicy, HitStringPolicy) -{ - - -} - -TEST(VerifyPolicy, HitObjectPolicy) -{ - - -} TEST(VerifyPolicy, HitGroupPolicy) { @@ -300,8 +339,7 @@ TEST(VerifyPolicy, HitIpPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_query = %s\n", hit_policy_query+2); - printf("hit_policy_result = %s\n", hit_policy_result+16); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -325,8 +363,7 @@ TEST(VerifyPolicy, HitLibraryPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - //printf("hit_policy_query = %s\n", hit_policy_query); - //printf("hit_policy_result = %s\n", hit_policy_result); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -350,8 +387,7 @@ TEST(VerifyPolicy, HitMultiplePolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - //printf("hit_policy_query = %s\n", hit_policy_query); - //printf("hit_policy_result = %s\n", hit_policy_result); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -375,6 +411,8 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy_1025) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -397,8 +435,7 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy_1027) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_query = %s\n", hit_policy_query); - printf("hit_policy_result = %s\n", hit_policy_result); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -423,6 +460,8 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); @@ -489,9 +528,7 @@ TEST(VerifyPolicy, HitAllObjectPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - //printf("hit_policy_request = %s\n", hit_policy_request); - //printf("hit_policy_query = %s\n", hit_policy_query); - //printf("hit_policy_result = %s\n", hit_policy_result); + verify_policy_print_result(hit_policy_query, hit_policy_result, 0); int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0);