gfwleak/tango-verify-policy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added test cases for negate hit paths and multiple objects

Browse Source
This commit is contained in:
fengweihao
2024-11-05 14:58:30 +08:00
parent ef4658d38d
commit 3966b2963a
4 changed files with 263 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
test/resource/HitPolicyRequest.json
View File

@@ -374,6 +374,53 @@
}
],
"verify_type": "policy"
},
{
"__item_id": 10,
"vsys": 1,
"verify_list": [
{
"type": "proxy_manipulation",
"vsys": 1,
"verify_session": {
"attributes": [
{
"attribute_value_type": "numeric",
"attribute_name": "ATTR_IP_PROTOCOL",
"attribute_value": {
"addr_type": 4,
"numeric": 1
}
}
]
}
}
],
"verify_type": "policy"
},
{
"__item_id": 11,
"vsys": 1,
"verify_list": [
{
"type": "proxy_manipulation",
"vsys": 1,
"verify_session": {
"attributes": [
{
"attribute_value_type": "ip",
"attribute_name": "ATTR_SOURCE_IP",
"attribute_value": {
"ip": "10.1.1.1",
"port":"8080",
"addr_type": 4
}
}
]
}
}
],
"verify_type": "policy"
}
]
}

91
test/resource/HitPolicyResult.json
View File

@@ -702,6 +702,97 @@
}
},
"success": true
},
{
"__item_id": 10,
"code": 200,
"msg": "Success",
"data": {
"hit_rules": [
{
"uuid": "00101028-0000-0000-0000-000000000000",
"policyName": "",
"is_execute": true,
"top_object_list": [
{
"object_uuid": "00000000-0000-0000-0000-000000000006",
"attribute_name": "ATTR_IP_PROTOCOL",
"negate_option": 1,
"condition_index": 0
}
]
}
],
"verify_session": {
"attributes": [
{
"attribute_value_type": "numeric",
"attribute_name": "ATTR_IP_PROTOCOL",
"attribute_value": {
"addr_type": 4,
"numeric": 1
},
"hit_paths": [
{
"item_uuid": "00000000-0000-0000-0000-000000000000",
"superior_object_uuid": "00000000-0000-0000-0000-000000000005"
}
]
}
]
}
},
"success": true
},
{
"__item_id": 11,
"code": 200,
"msg": "Success",
"data": {
"hit_rules": [
{
"uuid": "00101029-0000-0000-0000-000000000000",
"policyName": "",
"is_execute": true,
"top_object_list": [
{
"object_uuid": "00000000-0000-0000-0000-000000090100",
"attribute_name": "ATTR_SOURCE_IP",
"negate_option": 0,
"condition_index": 0
}
]
}
],
"verify_session": {
"attributes": [
{
"attribute_value_type": "ip",
"attribute_name": "ATTR_SOURCE_IP",
"attribute_value": {
"ip": "10.1.1.1",
"port": "8080",
"addr_type": 4
},
"hit_paths": [
{
"item_uuid": "00000000-0000-0000-0000-000000001016",
"superior_object_uuid": "00000000-0000-0000-0000-000000090100"
},
{
"item_uuid": "00000000-0000-0000-0000-000000001015",
"superior_object_uuid": "00000000-0000-0000-0000-000000090100"
},
{
"item_uuid": "00000000-0000-0000-0000-000000001014",
"superior_object_uuid": "00000000-0000-0000-0000-000000090100"
}
]
}
]
}
},
"success": true
}
]
}

62
test/resource/VerifyPolicyManipulation.json
View File

@@ -504,6 +504,68 @@
]
}
]
},
{
"uuid": "00101028-0000-0000-0000-000000000000",
"service": 1,
"action": "manipulate",
"blacklist_option": 1,
"log_option": "all",
"action_parameter": "anything",
"is_valid": "yes",
"and_conditions": [
{
"attribute_name": "ATTR_IP_PROTOCOL",
"negate_option": true,
"object_uuids": [
"00000000-0000-0000-0000-000000000006"
]
}
]
},
{
"uuid": "00101029-0000-0000-0000-000000000000",
"service": 1,
"action": "manipulate",
"blacklist_option": 1,
"log_option": "all",
"action_parameter": "anything",
"is_valid": "yes",
"and_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
"negate_option": false,
"objects": [
{
"object_name": "IPv4TCPSoureMultipleObject",
"uuid": "00000000-0000-0000-0000-000000090100",
"items": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"ip": "10.1.1.1/8"
}
},
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"ip": "10.1.1.1/24"
}
},
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip",
"table_content": {
"ip": "10.1.1.1/32"
}
}
]
}
]
}
]
}
],
"plugin_table": [

85
test/verify_policy_test.cpp
View File

@@ -236,6 +236,17 @@ TEST(VerifyPolicy, CheckRegexExpression)
FREE(&hit_policy_query);
}
int g_global_enable = 0;
void verify_policy_print_result(char *hit_policy_query, char *hit_policy_result, int enable)
{
int should_print = g_global_enable || enable;
if (should_print) {
printf("hit_policy_query = %s\n", hit_policy_query);
printf("hit_policy_result = %s\n", hit_policy_result);
}
}
TEST(VerifyPolicy, HitIpAddrPolicy)
{
char *hit_policy_request = select_hit_policy_request_item(9);
@@ -249,6 +260,8 @@ TEST(VerifyPolicy, HitIpAddrPolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -258,28 +271,54 @@ TEST(VerifyPolicy, HitIpAddrPolicy)
FREE(&hit_policy_result);
}
TEST(VerifyPolicy, HitNegateIpAddrPolicy)
TEST(VerifyPolicy, HitNegateProtocolPolicy)
{
char *hit_policy_request = select_hit_policy_request_item(10);
ASSERT_TRUE(hit_policy_request != NULL);
char *hit_policy_result = select_hit_policy_result_item(10);
ASSERT_TRUE(hit_policy_result != NULL);
cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1);
ASSERT_TRUE(result_json != NULL);
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+17, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
cJSON_Delete(result_json);
FREE(&hit_policy_query);
FREE(&hit_policy_request);
FREE(&hit_policy_result);
}
TEST(VerifyPolicy, HitIntegerPolicy)
TEST(VerifyPolicy, HitMultipleObjectPolicy)
{
char *hit_policy_request = select_hit_policy_request_item(11);
ASSERT_TRUE(hit_policy_request != NULL);
char *hit_policy_result = select_hit_policy_result_item(11);
ASSERT_TRUE(hit_policy_result != NULL);
cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1);
ASSERT_TRUE(result_json != NULL);
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+17, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
cJSON_Delete(result_json);
FREE(&hit_policy_query);
FREE(&hit_policy_request);
FREE(&hit_policy_result);
}
TEST(VerifyPolicy, HitStringPolicy)
{
}
TEST(VerifyPolicy, HitObjectPolicy)
{
}
TEST(VerifyPolicy, HitGroupPolicy)
{
@@ -300,8 +339,7 @@ TEST(VerifyPolicy, HitIpPolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
printf("hit_policy_query = %s\n", hit_policy_query+2);
printf("hit_policy_result = %s\n", hit_policy_result+16);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -325,8 +363,7 @@ TEST(VerifyPolicy, HitLibraryPolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
//printf("hit_policy_query = %s\n", hit_policy_query);
//printf("hit_policy_result = %s\n", hit_policy_result);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -350,8 +387,7 @@ TEST(VerifyPolicy, HitMultiplePolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
//printf("hit_policy_query = %s\n", hit_policy_query);
//printf("hit_policy_result = %s\n", hit_policy_result);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -375,6 +411,8 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy_1025)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -397,8 +435,7 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy_1027)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
printf("hit_policy_query = %s\n", hit_policy_query);
printf("hit_policy_result = %s\n", hit_policy_result);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -423,6 +460,8 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);
@@ -489,9 +528,7 @@ TEST(VerifyPolicy, HitAllObjectPolicy)
char *hit_policy_query = cJSON_PrintUnformatted(result_json);
ASSERT_TRUE(hit_policy_query != NULL);
//printf("hit_policy_request = %s\n", hit_policy_request);
//printf("hit_policy_query = %s\n", hit_policy_query);
//printf("hit_policy_result = %s\n", hit_policy_result);
verify_policy_print_result(hit_policy_query, hit_policy_result, 0);
int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result));
EXPECT_EQ(equal, 0);