#!/usr/bin/env python # -*- coding: utf-8 -*- """ 规则执行演示脚本(内存版本) 此示例演示如何在内存中创建规则并执行,不依赖文件系统存储。 """ import sys import logging import json import time import re from pathlib import Path from typing import Dict, Any, List # 添加项目根目录到Python路径 sys.path.insert(0, str(Path(__file__).resolve().parents[1])) from ddms_compliance_suite.models.rule_models import ( BaseRule, PerformanceRule, SecurityRule, RESTfulDesignRule, ErrorHandlingRule, RuleCategory, TargetType, RuleLifecycle, RuleScope, SeverityLevel ) from ddms_compliance_suite.rule_executor.executor import RuleExecutor, RuleExecutionResult from ddms_compliance_suite.api_caller.caller import APIRequest, APIResponse # 配置日志 logging.basicConfig( level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s' ) logger = logging.getLogger(__name__) class MockRuleRepository: """ 模拟规则库,用于在内存中存储规则而不是文件系统 """ def __init__(self): self.rules: Dict[str, BaseRule] = {} def save_rule(self, rule: BaseRule) -> bool: """保存规则到内存""" self.rules[rule.id] = rule return True def load_rule_by_id(self, rule_id: str, version: str = None) -> BaseRule: """从内存加载规则""" return self.rules.get(rule_id) def get_rules_by_lifecycle(self, lifecycle: RuleLifecycle, target_type: TargetType = None) -> List[BaseRule]: """获取指定生命周期阶段的规则""" results = [] for rule in self.rules.values(): if rule.lifecycle == lifecycle: if target_type is None or rule.target_type == target_type: results.append(rule) return results def get_rules_for_target(self, target_type: TargetType, target_id: str) -> List[BaseRule]: """获取适用于特定目标的规则""" results = [] for rule in self.rules.values(): if rule.target_type == target_type: results.append(rule) return results def create_mock_rules() -> List[BaseRule]: """创建测试用的规则""" rules = [] # 1. 性能规则 - 响应时间不超过500毫秒 performance_rule = PerformanceRule( id="response-time-max-500ms", name="响应时间不超过500毫秒", description="验证API响应时间不超过500毫秒", category=RuleCategory.PERFORMANCE, severity=SeverityLevel.WARNING, target_type=TargetType.API_RESPONSE, lifecycle=RuleLifecycle.RESPONSE_VALIDATION, scope=RuleScope.RESPONSE_TIME, threshold=500.0, metric="response_time", unit="ms" ) rules.append(performance_rule) # 2. 安全规则 - HTTPS强制使用 security_rule = SecurityRule( id="https-only-rule", name="HTTPS强制使用规则", description="验证API请求是否使用了HTTPS协议", category=RuleCategory.SECURITY, severity=SeverityLevel.ERROR, target_type=TargetType.API_REQUEST, lifecycle=RuleLifecycle.REQUEST_PREPARATION, scope=RuleScope.SECURITY, check_type="transport_security", expected_value="https" ) rules.append(security_rule) # 3. RESTful设计规则 - URL路径格式 restful_rule = RESTfulDesignRule( id="restful-url-pattern", name="RESTful URL设计规则", description="验证API URL是否符合RESTful设计规范", category=RuleCategory.API_DESIGN, severity=SeverityLevel.WARNING, target_type=TargetType.API_REQUEST, lifecycle=RuleLifecycle.REQUEST_PREPARATION, scope=RuleScope.REQUEST_URL, design_aspect="URL设计", pattern=r"^/api/v\d+/[a-z0-9-]+(/[a-z0-9-]+)*$" ) rules.append(restful_rule) # 4. 错误处理规则 - 错误响应格式 error_rule = ErrorHandlingRule( id="standard-error-response", name="标准错误响应格式规则", description="验证API错误响应是否符合标准格式", category=RuleCategory.ERROR_HANDLING, severity=SeverityLevel.WARNING, target_type=TargetType.API_RESPONSE, lifecycle=RuleLifecycle.RESPONSE_VALIDATION, scope=RuleScope.RESPONSE_BODY, error_code="*", expected_status=400 ) rules.append(error_rule) return rules def log_rule_execution_results(results: List[RuleExecutionResult], phase: str): """记录规则执行结果""" total_count = len(results) passed_count = sum(1 for r in results if r.is_valid) logger.info(f"=== {phase} 规则执行结果: {passed_count}/{total_count} 通过 ===") for result in results: status = "通过" if result.is_valid else "失败" logger.info(f"规则: {result.rule_name} (ID: {result.rule_id}) - 结果: {status} - 消息: {result.message}") def mock_api_response(status_code=200, content=None, elapsed_time=0.1): """创建模拟API响应""" if content is None: content = {"id": 123, "name": "测试用户", "status": "active"} return APIResponse( status_code=status_code, headers={"Content-Type": "application/json"}, content=json.dumps(content).encode('utf-8'), elapsed_time=elapsed_time, json_content=content ) def demo_rule_execution(): """演示规则执行""" # 创建模拟规则库和规则 repo = MockRuleRepository() rules = create_mock_rules() # 将规则添加到规则库 for rule in rules: repo.save_rule(rule) # 创建规则执行器 executor = RuleExecutor(repo) # 演示场景1: 标准场景 - 所有规则应通过 logger.info("\n========== 场景1: 标准场景 - 所有规则应通过 ==========") request1 = APIRequest( method="GET", url="https://api.example.com/api/v1/users/123", headers={"Content-Type": "application/json"} ) response1 = mock_api_response() # 创建上下文 context1 = { 'api_request': request1, 'api_response': response1, 'endpoint_id': 'GET /api/v1/users/123' } # 执行请求准备阶段规则 logger.info("执行请求准备阶段规则...") request_results1 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.REQUEST_PREPARATION, context=context1 ) log_rule_execution_results(request_results1, "请求准备阶段") # 执行响应验证阶段规则 logger.info("执行响应验证阶段规则...") response_results1 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.RESPONSE_VALIDATION, context=context1 ) log_rule_execution_results(response_results1, "响应验证阶段") # 演示场景2: 慢响应 - 性能规则应失败 logger.info("\n========== 场景2: 慢响应 - 性能规则应失败 ==========") request2 = APIRequest( method="GET", url="https://api.example.com/api/v1/users/123", headers={"Content-Type": "application/json"} ) # 创建一个响应时间为1.5秒的慢响应 response2 = mock_api_response(elapsed_time=1.5) # 创建上下文 context2 = { 'api_request': request2, 'api_response': response2, 'endpoint_id': 'GET /api/v1/users/123' } # 执行请求准备阶段规则 logger.info("执行请求准备阶段规则...") request_results2 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.REQUEST_PREPARATION, context=context2 ) log_rule_execution_results(request_results2, "请求准备阶段") # 执行响应验证阶段规则 logger.info("执行响应验证阶段规则...") response_results2 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.RESPONSE_VALIDATION, context=context2 ) log_rule_execution_results(response_results2, "响应验证阶段") # 演示场景3: 错误响应 - 错误处理规则应验证 logger.info("\n========== 场景3: 错误响应 - 错误处理规则应验证 ==========") request3 = APIRequest( method="GET", url="https://api.example.com/api/v1/users/999", headers={"Content-Type": "application/json"} ) # 创建一个404错误响应 response3 = mock_api_response( status_code=404, content={"code": "USER_NOT_FOUND", "message": "用户不存在"} ) # 创建上下文 context3 = { 'api_request': request3, 'api_response': response3, 'endpoint_id': 'GET /api/v1/users/999' } # 执行请求准备阶段规则 logger.info("执行请求准备阶段规则...") request_results3 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.REQUEST_PREPARATION, context=context3 ) log_rule_execution_results(request_results3, "请求准备阶段") # 执行响应验证阶段规则 logger.info("执行响应验证阶段规则...") response_results3 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.RESPONSE_VALIDATION, context=context3 ) log_rule_execution_results(response_results3, "响应验证阶段") # 演示场景4: 非HTTPS请求 - 安全规则应失败 logger.info("\n========== 场景4: 非HTTPS请求 - 安全规则应失败 ==========") request4 = APIRequest( method="GET", url="http://api.example.com/api/v1/users/123", # 使用HTTP而不是HTTPS headers={"Content-Type": "application/json"} ) response4 = mock_api_response() # 创建上下文 context4 = { 'api_request': request4, 'api_response': response4, 'endpoint_id': 'GET /api/v1/users/123' } # 执行请求准备阶段规则 logger.info("执行请求准备阶段规则...") request_results4 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.REQUEST_PREPARATION, context=context4 ) log_rule_execution_results(request_results4, "请求准备阶段") # 执行响应验证阶段规则 logger.info("执行响应验证阶段规则...") response_results4 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.RESPONSE_VALIDATION, context=context4 ) log_rule_execution_results(response_results4, "响应验证阶段") # 演示场景5: 非RESTful URL - RESTful设计规则应失败 logger.info("\n========== 场景5: 非RESTful URL - RESTful设计规则应失败 ==========") request5 = APIRequest( method="GET", url="https://api.example.com/getUserInfo?id=123", # 非RESTful URL headers={"Content-Type": "application/json"} ) response5 = mock_api_response() # 创建上下文 context5 = { 'api_request': request5, 'api_response': response5, 'endpoint_id': 'GET /getUserInfo' } # 执行请求准备阶段规则 logger.info("执行请求准备阶段规则...") request_results5 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.REQUEST_PREPARATION, context=context5 ) log_rule_execution_results(request_results5, "请求准备阶段") # 执行响应验证阶段规则 logger.info("执行响应验证阶段规则...") response_results5 = executor.execute_rules_for_lifecycle( lifecycle=RuleLifecycle.RESPONSE_VALIDATION, context=context5 ) log_rule_execution_results(response_results5, "响应验证阶段") if __name__ == "__main__": demo_rule_execution()