From 037d4929d850c96628b845c49e71ee4f84176c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A7=AC=E5=B7=8D=E5=B7=9D?= Date: Sun, 10 May 2020 17:56:34 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85ftp=E8=87=AA=E5=8A=A8?= =?UTF-8?q?=E5=8C=96=E6=B5=8B=E8=AF=95=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Api_Security/Deny_FTP_Tests.robot | 259 +++++++++++++++++- 1 file changed, 253 insertions(+), 6 deletions(-) diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_FTP_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_FTP_Tests.robot index 809793f..683f670 100644 --- a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_FTP_Tests.robot +++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_FTP_Tests.robot @@ -14,7 +14,7 @@ ${objectids} ${EMPTY} *** Test Cases *** SecurityPolicy-Deny-Ftp-00001 - [Tags] Selfserver Deny Ftp Account子串匹配 + [Tags] selfserver deny ftp account子串匹配 Comment 创建Account ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} @@ -36,7 +36,7 @@ SecurityPolicy-Deny-Ftp-00001 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user SecurityPolicy-Deny-Ftp-00002 - [Tags] Selfserver Deny Ftp Account右匹配 + [Tags] selfserver deny ftp account右匹配 Comment 创建Account ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*user ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} @@ -58,7 +58,7 @@ SecurityPolicy-Deny-Ftp-00002 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user SecurityPolicy-Deny-Ftp-00003 - [Tags] Selfserver Deny Ftp Account完整匹配 + [Tags] selfserver deny ftp account完整匹配 Comment 创建Account ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$ftp_user ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} @@ -80,7 +80,7 @@ SecurityPolicy-Deny-Ftp-00003 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user SecurityPolicy-Deny-Ftp-00004 - [Tags] Selfserver Deny Ftp Account左匹配 + [Tags] selfserver deny ftp account左匹配 Comment 创建Account ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_u* ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} @@ -102,13 +102,260 @@ SecurityPolicy-Deny-Ftp-00004 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user SecurityPolicy-Deny-Ftp-00005 - [Tags] Selfserver Deny Ftp Account子串匹配 + [Tags] selfserver deny ftp url子串匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=168.100 + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_url_Id}|TSG_FIELD_FTP_URI isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5/ -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00006 + [Tags] selfserver deny ftp url右匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*100.5 + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_url_Id}|TSG_FIELD_FTP_URI isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5/ -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00007 + [Tags] selfserver deny ftp url完整匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$192.168.100.5/test.txt + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_url_Id}|TSG_FIELD_FTP_URI isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00008 + [Tags] selfserver deny ftp url左匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=192.168* + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_url_Id}|TSG_FIELD_FTP_URI isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00009 + [Tags] selfserver deny ftp content子串匹配 + Comment 创建content + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test + ${rescode} ${object_content_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_content_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00009 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_content_Id}|TSG_FIELD_FTP_CONTENT isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5/ -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00010 + [Tags] selfserver deny ftp content右匹配 + Comment 创建content + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=*t.txt + ${rescode} ${object_content_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_content_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00010 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_content_Id}|TSG_FIELD_FTP_CONTENT isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5/ -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00011 + [Tags] selfserver deny ftp content完整匹配 + Comment 创建content + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=$中文文件.txt + ${rescode} ${object_content_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_content_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00011 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_content_Id}|TSG_FIELD_FTP_CONTENT isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" 中文文件.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00012 + [Tags] selfserver deny ftp content左匹配 + Comment 创建content + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test* + ${rescode} ${object_content_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_content_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00012 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_content_Id}|TSG_FIELD_FTP_CONTENT isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00013 + [Tags] selfserver deny ftp 多ip+修改 + Comment 创建第二个源IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.10|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建Account + ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*user + ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_Account_Id} + Comment 创建content + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test* + ${rescode} ${object_content_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_content_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00013 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_content_Id}|TSG_FIELD_FTP_CONTENT,${objectId}|TSG_SECURITY_SOURCE_ADDR isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + Comment 修改策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00013 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_SOURCE_ADDR,${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6 policyId=${policyId} + ${rescode} ${policyId} EditPolicy ${policyDict} update + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00014 + [Tags] selfserver deny ftp 最大组合 + Comment 创建Account + ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user + ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_Account_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=192.168* + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建content + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test* + ${rescode} ${object_content_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_content_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00014 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_content_Id}|TSG_FIELD_FTP_CONTENT,${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT,${object_url_Id}|TSG_FIELD_FTP_URI isValid=${1} appObjectIdArray=6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${FTP} FTP_login ftp://192.168.100.5 -u"ftp_user:qazXSW@edc" test.txt + should contain ${FTP} ftp_fail + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user + +SecurityPolicy-Deny-Ftp-00015 + [Tags] selfserver deny ftp account子串匹配 Comment 创建Account ${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user ${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${object_Account_Id} Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00013 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}