diff --git a/01-TestCase/tsg_adc/api_proxy/.gitkeep b/01-TestCase/tsg_adc/api_proxy.robot/.gitkeep similarity index 100% rename from 01-TestCase/tsg_adc/api_proxy/.gitkeep rename to 01-TestCase/tsg_adc/api_proxy.robot/.gitkeep diff --git a/01-TestCase/tsg_adc/api_proxy.robot/AllowHttpTests.robot b/01-TestCase/tsg_adc/api_proxy.robot/AllowHttpTests.robot new file mode 100644 index 0000000..84ac7fa --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/AllowHttpTests.robot @@ -0,0 +1,608 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +ProxyPolicy-Allow-00001 + [Tags] Allow IP HTTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00001.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_allow_00001_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 皮皮虾下载 Tango Secure Gateway CA + ... ELSE Create List 皮皮虾下载 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host http_url + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-allow-00002 + [Tags] Allow IP HTTP HOST + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$mp.pipix.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "mp.pipix.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00001.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_allow_00001_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 皮皮虾下载 Tango Secure Gateway CA + ... ELSE Create List 皮皮虾下载 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host mp.pipix.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-allow-00003 + [Tags] Allow IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=$znakitaro.ru/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "znakitaro.ru/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00003_1.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_allow_00003_1L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Тайные Tango Secure Gateway CA + ... ELSE Create List Новости Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host znakitaro.ru + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Allow-00004 + [Tags] Allow IP HTTP User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.hao123.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 上网从这里开始 Tango Secure Gateway CA + ... ELSE Create List 上网从这里开始 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host hao123 + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Allow-00005 + [Tags] Allow IP HTTP Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=*html isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "html","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00008.bat + ... ELSE set variable curl http://www.sse.com.cn/market/overview/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 上海证券交易所 + ... ELSE Create List 上海证券交易所 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host sse.com.cn + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Allow-00006 + [Tags] Allow IP HTTP Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=lQfQ_2132 isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ck1} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "lQfQ_2132","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00012.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_allow_00012_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Object moved Tango Secure Gateway CA + ... ELSE Create List Object moved Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.virtuoso.com + Should Be Equal As Strings ${returnvalue} true + + +roxyPolicy-Allow-00007 + [Tags] Allow IP HTTP Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=pll_language=ru* isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "pll_language=ru","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00013.bat + ... ELSE set variable curl -kv https://russia.payu.com/orange-data/ + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00013.bat + ... ELSE set variable curl -kv https://russia.payu.com/orange-data/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Интернет Tango Secure Gateway CA + ... ELSE Create List Интернет Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host russia.payu.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Allow-00008 + [Tags] Allow IP HTTP HOST+URL+User-Agent+Content-Type+Cookie+Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.orbitz.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=*Flights isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=__stripe_sid isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.orbitz.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId6} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId6} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=allow userRegion={"method":"allow","protocol":"HTTP"} source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_REQ_HDR,${objectId6}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.orbitz.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.orbitz.com/Flights"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset=text","district": "Content-Type"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0fsfwhh","district": "User-Agent"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "__stripe_sidafdsvxvx","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "afsf123Domain=.orbitz.com","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url} ${res_hdr_ct} ${req_hdr_ua} ${req_hdr_ck} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_allow_00014.bat + ... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.orbitz.com/Flights + ${stringlist} run keyword if '${systemType}'=='Windows' Create List www.orbitz.com Tango Secure Gateway CA + ... ELSE Create List www.orbitz.com Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.orbitz.com + Should Be Equal As Strings ${returnvalue} true + \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy.robot/DenyTests.robot b/01-TestCase/tsg_adc/api_proxy.robot/DenyTests.robot new file mode 100644 index 0000000..7fbb62a --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/DenyTests.robot @@ -0,0 +1,879 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} url=${url} profiledId=${profiledId} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /v1/policy/profile/responsepages +${profiledId} ${EMPTY} + +*** Test Cases *** +ProxyPolicy-deny-00001 + [Tags] Deny IP HTTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"重新开始","code":403,"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00001.bat + ... ELSE set variable curl -kv \ https://newsela.com/about/content/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 重新开始 Tango Secure Gateway CA + ... ELSE Create List 重新开始 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host http_url + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-deny-http-00002 + [Tags] Deny IP HTTP HOST + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*kingidentity.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "kingidentity.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00002.bat + ... ELSE set variable curl -kv \ \ https://kingidentity.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA + ... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host kingidentity.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-deny-00003 + [Tags] Deny IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=creativetravelgroup.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "creativetravelgroup.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00003_1.bat + ... ELSE set variable curl -kv \ https://creativetravelgroup.com/ + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00003_1.bat + ... ELSE set variable curl -kv \ https://creativetravelgroup.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List head404 Tango Secure Gateway CA + ... ELSE Create List head404 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host creativetravelgroup.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-deny-00004 + [Tags] Deny IP HTTP User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"qwertyuiop","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.usdebtclock.org/state-debt-clocks/state-of-california-debt-clock.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List qwertyuiop Tango Secure Gateway CA + ... ELSE Create List qwertyuiop Tango Secure Gateway CA + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.usdebtclock.org/state-debt-clocks/state-of-california-debt-clock.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List qwertyuiop Tango Secure Gateway CA + ... ELSE Create List qwertyuiop Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.usdebtclock.org + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-deny-0005 + [Tags] Deny IP HTTP Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=*utf-8 isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages + ${profiledId} Get From Dictionary ${response} profileId + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","html_profile":${profiledId},"code":451,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "utf-8","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00008.bat + ... ELSE set variable curl http://www.6renyou.com/user_comment/index + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 + ... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.6renyou.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-deny-00006 + [Tags] Deny IP HTTP Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"123456789","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkey","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00012.bat + ... ELSE set variable curl -kv --cookie "lQfQ_2132_saltkey=t8WY1oPe; lQfQ_2132_lastvisit=1595381790; lQfQ_2132_sid=vqXOg6; lQfQ_2132_lastact=1595385400%09forum.php%09image" --referer 'https://www.baidu.com/' \ https://www.youqulu.com/category/zixun + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 123456789 Tango Secure Gateway CA + ... ELSE Create List 123456789 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.youqulu.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-deny-00007 + [Tags] Deny IP HTTP Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=irkzadmin_session* isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"一直相信","code":403,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "irkzadmin_session","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00013_3.bat + ... ELSE set variable curl -kv \ https://nationalbank.kz/?switch=kazakh + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 一直相信 Tango Secure Gateway CA + ... ELSE Create List 一直相信 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host nationalbank.kz + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-deny-00008 + [Tags] Deny IP HTTP Request Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=ProxydenyTest001401 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "ProxydenyTest001401"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00014.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=1234567&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection was reset + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-deny-00009 + [Tags] Deny IP HTTP Response Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Response Content + ${addItemList1} Create Dictionary keywordArray=NOFOLLOW isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "NOFOLLOW"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00017.bat + ... ELSE set variable curl -kv --cookie "test%20cookie=null; timezoneoffset=-480; ASP.NET_SessionId=sta2b3gxpxzqei3by1ka3qsa; visid_incap_1010467=Iu/pLzeoTnGn2VDjWdP9GpoBGF8AAAAAQUIPAAAAAADzSLZtZ1tZ/Rbjfct3Nq69" --referer 'https://www.baidu.com/' \ https://www.umusicpub.com/au/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.umusicpub.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-deny-00010 + [Tags] Deny IP HTTP 最大组合1 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.umusicpub.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=sicpub.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=timezoneoffset isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.umusicpub.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Response Content + ${addItemList1} Create Dictionary keywordArray=NOFOLLOW isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.umusicpub.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.umusicpub.com/au/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "timezoneoffset","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.umusicpub.com","district": "Set-Cookie"} + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "NOFOLLOW"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url1} ${req_hdr_ck} ${res_hdr_sc} ${res_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00017.bat + ... ELSE set variable curl -kv --cookie "test%20cookie=null; timezoneoffset=-480; ASP.NET_SessionId=sta2b3gxpxzqei3by1ka3qsa; visid_incap_1010467=Iu/pLzeoTnGn2VDjWdP9GpoBGF8AAAAAQUIPAAAAAADzSLZtZ1tZ/Rbjfct3Nq69" --referer 'https://www.baidu.com/' \ https://www.umusicpub.com/au/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.umusicpub.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-deny-00011 + [Tags] Deny IP HTTP 最大组合2 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*open.node.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=open isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=ProxyDenyTest0017 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "ProxyDenyTest0017"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url1} ${req_hdr_ua} ${res_hdr_ct} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00016.bat + ... ELSE set variable curl -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"ProxyDenyTest0017","setcook":"asdf","contenttype": "content-type","responsebody": "adzx"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com:180/go + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 涨涨涨涨 + ... ELSE Create List 涨涨涨涨 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy.robot/HijackHttp.robot b/01-TestCase/tsg_adc/api_proxy.robot/HijackHttp.robot new file mode 100644 index 0000000..7af0244 --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/HijackHttp.robot @@ -0,0 +1,713 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} url=${url} profiledId=${profiledId} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /v1/policy/profile/hijackfiles +${profiledId} ${EMPTY} + +*** Test Cases *** +ProxyPolicy-Hijack-00001 + [Tags] Hijack IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=or.tv/news isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test.apk hijack {"isValid":1,"contentType":"application/vnd.android.package-archive","opAction":"add","profileName":"test1","contentName":"Create-Hijack Files-test.apk","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "vator.tv/news"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00001.bat + ... ELSE set variable curl -kv https://vator.tv/news + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00001.bat + ... ELSE set variable curl -kv https://vator.tv/news + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075 Tango Secure Gateway CA + ... ELSE Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host vator.tv + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Hijack-00002 + [Tags] Hijack IP HTTP URL Host + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=www.lexus.ru isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.lexus.ru isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.lexus.ru/"} + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.lexus.ru"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00003.bat + ... ELSE set variable curl -kv https://www.lexus.ru/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac Tango Secure Gateway CA + ... ELSE Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.lexus.ru + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Hijack-00003 + [Tags] Hijack IP HTTP URL User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=channel/dianying/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.ixigua.com/channel/dianying/"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00005.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_hijack_00005_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Files-test-5.png Tango Secure Gateway CA + ... ELSE Create List Files-test-5.png Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.ixigua.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Hijack-00004 + [Tags] Hijack IP HTTP URL Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=/eng/start/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=text* isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.airwargame.com/eng/start/"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "text","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00011.bat + ... ELSE set variable curl http://www.airwargame.com/eng/start/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac + ... ELSE Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.airwargame.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Hijack-00005 + [Tags] Hijack IP HTTP URL Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=corporates/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.reval.com/corporates/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkey","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012_L.bat + sleep 3 + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012.bat + ... ELSE set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png Tango Secure Gateway CA + ... ELSE Create List bFiles-test-5.png Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.reval.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Hijack-00006 + [Tags] Hijack IP HTTP URL Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=nsscreencast isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=_nsscreencast_session_ isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "nsscreencast.com/episodes"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "_nsscreencast_session_","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00013.bat + ... ELSE set variable curl -kv https://nsscreencast.com/episodes + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00013.bat + ... ELSE set variable curl -kv https://nsscreencast.com/episodes + ${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA + ... ELSE Create List test-4.jpeg Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host nsscreencast.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Hijack-00007 + [Tags] Hijack IP HTTP 最大组合1 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=__stripe_sid isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.intervalworld.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "__stripe_sidafdsvxvx","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.intervalworld.com","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc} ${fqdn} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat + ... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home + ${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA + ... ELSE Create List test-4.jpeg Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Hijack-00008 + [Tags] Hijack IP HTTP 最大组合2 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Hijack策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset=text","district": "Content-Type"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0fsfwhh","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} ${fqdn} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat + ... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home + ${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA + ... ELSE Create List test-4.jpeg Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com + Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy.robot/InsertTests.robot b/01-TestCase/tsg_adc/api_proxy.robot/InsertTests.robot new file mode 100644 index 0000000..7533436 --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/InsertTests.robot @@ -0,0 +1,707 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} url=${url} profiledId=${profiledId} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /v1/policy/profile/insertscripts +${profiledId} ${EMPTY} + +*** Test Cases *** +ProxyPolicy-insert-00001 + [Tags] insert IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=www.costcotravel.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.costcotravel.com/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00001.bat + ... ELSE set variable curl -kv https://www.costcotravel.com/Vacation-Packages + ${stringlist} run keyword if '${systemType}'=='Windows' Create List X-TG-Construct-By: tfe Tango Secure Gateway CA + ... ELSE Create List X-TG-Construct-By: tfe Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.costcotravel.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-insert-00002 + [Tags] insert IP HTTP URL Host + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=meilleurmobile isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.meilleurmobile.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.meilleurmobile.com/"} + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.meilleurmobile.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00002.bat + ... ELSE set variable curl -kv https://www.meilleurmobile.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List alert Tango Secure Gateway CA + ... ELSE Create List alert Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.meilleurmobile.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-insert-00003 + [Tags] insert IP HTTP URL User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=login_redirect isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.viator.com/login?login_redirect=%2Faccount%2Fbookings"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.viator.com/login?login_redirect=%2Faccount%2Fbookings + ${stringlist} run keyword if '${systemType}'=='Windows' Create List select_language Tango Secure Gateway CA + ... ELSE Create List select_language Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.viator.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-insert-00004 + [Tags] insert IP HTTP URL Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=Shops.htm isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=utf-8 isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.waikikibeachwalk.com/Shops.htm"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "utf-8","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00008.bat + ... ELSE set variable curl -kv http://www.waikikibeachwalk.com/Shops.htm + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00008.bat + ... ELSE set variable curl -kv http://www.waikikibeachwalk.com/Shops.htm + ${stringlist} run keyword if '${systemType}'=='Windows' Create List alert + ... ELSE Create List alert + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.waikikibeachwalk.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-insert-00005 + [Tags] insert IP HTTP URL Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=equipment isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test.css insertcss + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "petapixel.com/topic/equipment/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkey","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00012.bat + ... ELSE set variable curl -kv --cookie "lQfQ_2132_saltkey=t8WY1oPe; lQfQ_2132_lastvisit=1595381790; lQfQ_2132_sid=vqXOg6; lQfQ_2132_lastact=1595385400%09forum.php%09image" --referer 'https://www.baidu.com/' \ https://petapixel.com/topic/equipment/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List petapixel Tango Secure Gateway CA + ... ELSE Create List petapixel Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host petapixel.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-insert-00006 + [Tags] insert IP HTTP URL Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.intervalworld.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test.css insertcss + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.intervalworld.com","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat + ... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home + ${stringlist} run keyword if '${systemType}'=='Windows' Create List alert Tango Secure Gateway CA + ... ELSE Create List alert Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-insert-00007 + [Tags] insert IP HTTP 最大组合1 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=__stripe_sid isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.intervalworld.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test.css insertcss + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "__stripe_sidafdsvxvx","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.intervalworld.com","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc} ${fqdn} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat + ... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home + ${stringlist} run keyword if '${systemType}'=='Windows' Create List alert Tango Secure Gateway CA + ... ELSE Create List alert Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-insert-00008 + [Tags] insert IP HTTP 最大组合2 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test.css insertcss + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建insert策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset=text","district": "Content-Type"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0fsfwhh","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} ${fqdn} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat + ... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home + ${stringlist} run keyword if '${systemType}'=='Windows' Create List alert Tango Secure Gateway CA + ... ELSE Create List alert Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com + Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy.robot/MonitorTests.robot b/01-TestCase/tsg_adc/api_proxy.robot/MonitorTests.robot new file mode 100644 index 0000000..634e31e --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/MonitorTests.robot @@ -0,0 +1,870 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + + + + +*** Test Cases *** +ProxyPolicy-Monitor-00001 + [Tags] Monitor IP HTTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00001.bat + ... ELSE set variable curl -kv \ https://newsela.com/about/content/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host http_url + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Monitor-http-00002 + [Tags] Monitor IP HTTP HOST + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*kingidentity.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "kingidentity.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00002.bat + ... ELSE set variable curl -kv \ \ https://kingidentity.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host kingidentity.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Monitor-00003 + [Tags] Monitor IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=creativetravelgroup.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "creativetravelgroup.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00003_1.bat + ... ELSE set variable curl -kv \ https://creativetravelgroup.com/ + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00003_1.bat + ... ELSE set variable curl -kv \ https://creativetravelgroup.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host creativetravelgroup.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Monitor-00004 + [Tags] Deny IP HTTP User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.usdebtclock.org/state-debt-clocks/state-of-california-debt-clock.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List qwertyuiop Tango Secure Gateway CA + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.usdebtclock.org/state-debt-clocks/state-of-california-debt-clock.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List qwertyuiop Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.usdebtclock.org + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Monitor-0005 + [Tags] Monitor IP HTTP Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=*utf-8 isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "utf-8","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00008.bat + ... ELSE set variable curl http://www.6renyou.com/user_comment/index + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 6人游 + ... ELSE Create List 6人游 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.6renyou.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Monitor-00006 + [Tags] Monitor IP HTTP Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkey","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00012.bat + ... ELSE set variable curl -kv --cookie "lQfQ_2132_saltkey=t8WY1oPe; lQfQ_2132_lastvisit=1595381790; lQfQ_2132_sid=vqXOg6; lQfQ_2132_lastact=1595385400%09forum.php%09image" --referer 'https://www.baidu.com/' \ https://www.youqulu.com/category/zixun + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.youqulu.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Monitor-00007 + [Tags] Deny IP HTTP Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=irkzadmin_session* isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "irkzadmin_session","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00013_3.bat + ... ELSE set variable curl -kv \ https://nationalbank.kz/?switch=kazakh + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host nationalbank.kz + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Monitor-00008 + [Tags] Deny IP HTTP Request Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=ProxydenyTest001401 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "ProxydenyTest001401"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00014.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=1234567&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Timed out + ... ELSE Create List Connection was reset + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Monitor-00009 + [Tags] Monitor IP HTTP Response Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Response Content + ${addItemList1} Create Dictionary keywordArray=NOFOLLOW isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "NOFOLLOW"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00017.bat + ... ELSE set variable curl -kv --cookie "test%20cookie=null; timezoneoffset=-480; ASP.NET_SessionId=sta2b3gxpxzqei3by1ka3qsa; visid_incap_1010467=Iu/pLzeoTnGn2VDjWdP9GpoBGF8AAAAAQUIPAAAAAADzSLZtZ1tZ/Rbjfct3Nq69" --referer 'https://www.baidu.com/' \ https://www.umusicpub.com/au/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.umusicpub.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Monitor-00010 + [Tags] Monitor IP HTTP 最大组合1 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.umusicpub.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=sicpub.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=timezoneoffset isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.umusicpub.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Response Content + ${addItemList1} Create Dictionary keywordArray=NOFOLLOW isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.umusicpub.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.umusicpub.com/au/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "timezoneoffset","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.umusicpub.com","district": "Set-Cookie"} + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "NOFOLLOW"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url1} ${req_hdr_ck} ${res_hdr_sc} ${res_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00017.bat + ... ELSE set variable curl -kv --cookie "test%20cookie=null; timezoneoffset=-480; ASP.NET_SessionId=sta2b3gxpxzqei3by1ka3qsa; visid_incap_1010467=Iu/pLzeoTnGn2VDjWdP9GpoBGF8AAAAAQUIPAAAAAADzSLZtZ1tZ/Rbjfct3Nq69" --referer 'https://www.baidu.com/' \ https://www.umusicpub.com/au/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.umusicpub.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Monitor-00011 + [Tags] Monitor IP HTTP 最大组合2 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*open.node.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=open isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=ProxyDenyTest0017 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"monitor","protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "ProxyDenyTest0017"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url1} ${req_hdr_ua} ${res_hdr_ct} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_Deny_00016.bat + ... ELSE set variable curl -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"ProxyDenyTest0017","setcook":"asdf","contenttype": "content-type","responsebody": "adzx"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com:180/go + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Timed out + ... ELSE Create List Timed out + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy.robot/RedirectTests.robot b/01-TestCase/tsg_adc/api_proxy.robot/RedirectTests.robot new file mode 100644 index 0000000..6443197 --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/RedirectTests.robot @@ -0,0 +1,750 @@ +*** Settings *** +#Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +*** Test Cases *** +ProxyPolicy-Redirect-00001 + [Tags] Redirect IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=tudou isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":302,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "tudou.com/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00001.bat + ... ELSE set variable curl -kv https://tudou.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host tudou.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Redirect-00002 + [Tags] Redirect IP HTTP URL HOST + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=glazok.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*glazok.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":302,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "glazok.kz"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "glazok.kz/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00002.bat + ... ELSE set variable curl -kv https://glazok.kz/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host glazok.kz + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Redirect-00003 + [Tags] Redirect IP HTTP URL User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=investing/online-trading isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":302,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.merrilledge.com/investing/online-trading"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.merrilledge.com/investing/online-trading + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.merrilledge.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Redirect-00004 + [Tags] Redirect IP HTTP URL Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=business/fixed isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=*utf-8 isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"https://yhd.com","code":302,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.essence.com.cn/business/fixed"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "utf-8","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00008.bat + ... ELSE set variable curl -kv http://www.essence.com.cn/business/fixed + ${stringlist} run keyword if '${systemType}'=='Windows' Create List https://yhd.com + ... ELSE Create List https://yhd.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.essence.com.cn + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Redirect-00005 + [Tags] Redirect IP HTTP URL Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=products/product-type/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":302,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.investors-trust.com/products/product-type/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkeyfafghlh","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00012.bat + ... ELSE set variable curl -kv --cookie "lQfQ_2132_saltkey=t8WY1oPe; lQfQ_2132_lastvisit=1595381790; lQfQ_2132_sid=vqXOg6; lQfQ_2132_lastact=1595385400%09forum.php%09image" --referer 'https://www.baidu.com/' \ https://www.investors-trust.com/products/product-type/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.investors-trust.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Redirect-00006 + [Tags] Redirect IP HTTP URL Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=www.travelmath.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=mobile=2* isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.travelmath.com/drive-distance/"} + ${res_hdr_sc1} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "mobile=2","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00013.bat + ... ELSE set variable curl -kv https://www.travelmath.com/drive-distance/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.travelmath.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Redirect-00007 + [Tags] Redirect IP HTTP URL Request Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=open.node isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=testredirect0014001 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testredirect0014001"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00014.bat + ... ELSE set variable curl -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"testredirect0014001","setcook":"monitortest142","contenttype": "content-type","responsebody": "testredirect0014001"}" -kv http://open.node.com:180/go + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Redirect-00008 + [Tags] Redirect IP HTTP 最大组合1 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.equifax.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=*personal/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=COOKIE_SUPPORT isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=GUEST_LANGUAGE_ID isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.equifax.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.equifax.com/personal/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "COOKIE_SUPPORT","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "GUEST_LANGUAGE_ID","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} ${req_hdr_ck} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00016.bat + ... ELSE set variable curl -kv --cookie "COOKIE_SUPPORT=true; GUEST_LANGUAGE_ID=en_US; check=true; optimizelyEndUserId=oeu1614475207300r0.5456467694720912; AMCVS_0D2431DD533AE3ED0A490D44%40AdobeOrg=1; s_ecid=MCMID%7C60761335805840825830014857054941623749; AMCV_0D2431DD533AE3ED0A490D44%40AdobeOrg=1585540135%7CMCIDTS%7C18687%7CMCMID%7C60761335805840825830014857054941623749%7CMCAAMLH-1615080007%7C11%7CMCAAMB-1615080007%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1614482408s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.4.0; _gcl_au=1.1.1338628350.1614475209; _cs_c=1; mboxEdgeCluster=38; bounceClientVisit4326v=N4IgNgDiBcIBYBcEQM4FIDMBBNAmAYnvgO6kB0ApgI4CuAlgGYCGAHmQMYD2AtkRBQCcUnAHZMwREABoQAmCBABfIA; s_dfa=equifaxgcsusprod%2Cequifaxgcsglobalprod; _cs_mk=0.6956552086218912_1614475214635; s2_visit=1; s2_dslv_s=first%20visit; s2_gpv_as=no%20value; s2_gpv_pn=us%20%7C%20gcs%20%7C%20home; s2_gpv_pt=home; s_vnum=1614528000644%26vn%3D1; s_invisit=true; s2_ttce=1614475214645; s2_ptc=%5B%5BB%5D%5D; s_cc=true; aam_uuid=60782751376829515990016981052062115069; QSI_HistorySession=https%3A%2F%2Fwww.equifax.com%2Fpersonal%2F~1614475214944; ats-cid-AM-141627-sid=42959954; s_vi=[CS]v1|301D77E8A8742FEB-400013573E0D5817[CE]; mbox=session#be301dd442d743f0a9801609db54a320#1614477138|PC#be301dd442d743f0a9801609db54a320.38_0#1677720010; _cs_id=dec49cf1-0907-a158-aaf5-5b82707dd758.1614475208.1.1614475278.1614475208.1.1648639208984.Lax.0; _cs_s=2.0; LFR_SESSION_STATE_20105=1614475279282; _uetsid=1cc2e370796311ebabaf9b1249a9cba5; _uetvid=1cc2ecd0796311eb890f8f8f18f8e982; s2_getNewRepeat=1614475281456-Repeat; s2_dslv=1614475281456; JSESSIONID=DF505B4E7193A5871D79196DF19CD8C8; TS013d4770=0131c2fe50536b48a838ba47248a57b5c14a6e36de393cb14df413b1272d8566ff9d9af3b07411d579abea5a03f5fd4dda2e9117d9d1e9cb5676bace395d6fcede1c0a8f8061ef2b222db7cb7472622d48944b693c3cdc0b7603d5a91e9930c55752d58c11" --referer 'https://www.baidu.com/' \ https://www.equifax.com/personal/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.equifax.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Redirect-00009 + [Tags] Redirect IP HTTP 最大组合2 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*open.node.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=open.node.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=testredirect0015 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + Comment 创建redirect策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testredirect0015"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} ${req_hdr_ua} ${res_hdr_ct} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_redirect_00015.bat + ... ELSE set variable curl -H "Content-Type:application/json;charset=UTF-8" -X POST -d "Content-Type:application/json;charset=UTF-8" -X POST -d "{\"requestbody\":\"testredirect0015\",\"setcook\":\"monitortest142\",\"contenttype\": \"content-type\",\"responsebody\": \"testredirect0014002\"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com:180/go + ${stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.iceo.com.cn/renwu2013/ + ... ELSE Create List http://www.iceo.com.cn/renwu2013/ + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + Should Be Equal As Strings ${returnvalue} true + \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy.robot/ReplaceTests.robot b/01-TestCase/tsg_adc/api_proxy.robot/ReplaceTests.robot new file mode 100644 index 0000000..3b5e288 --- /dev/null +++ b/01-TestCase/tsg_adc/api_proxy.robot/ReplaceTests.robot @@ -0,0 +1,673 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} url=${url} profiledId=${profiledId} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /policy/profile/responsepages +${profiledId} ${EMPTY} + +*** Test Cases *** +ProxyPolicy-Replace-00001 + [Tags] Replace IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=wordpress.com/contact/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"Artificial","replace_with":"明天你好"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "destidotcom.wordpress.com/contact/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00001.bat + ... ELSE set variable curl -kv https://destidotcom.wordpress.com/contact/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 明天你好 Tango Secure Gateway CA + ... ELSE Create List 明天你好 Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host destidotcom.wordpress.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Replace-00002 + [Tags] Replace IP HTTP URL HOST + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=airastana.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*stana.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_req_uri","find":"Kop-baghytty-ushu","replace_with":"Arnaiy-usynystar"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "airastana.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "airastana.com/kaz/kk-kz/Josparlau/Kop-baghytty-ushu"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00002.bat + ... ELSE set variable curl -kv https://airastana.com/kaz/kk-kz/Josparlau/Kop-baghytty-ushu + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host airastana.com + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Replace-00003 + [Tags] Replace IP HTTP URL User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=headlines/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.ino.com/news/headlines/"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00004.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'https://www.baidu.com/' https://www.ino.com/news/headlines/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA + ... ELSE Create List text/json Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.ino.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Replace-http-00004 + [Tags] Replace IP HTTP URL Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=ghzq/index.html isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=html isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.ghzq.com.cn/ghzq/index.html"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "html","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00008.bat + ... ELSE set variable curl -kv http://www.ghzq.com.cn/ghzq/index.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json + ... ELSE Create List text/json + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.ghzq.com.cn + Should Be Equal As Strings ${returnvalue} true + + +ProxyPolicy-Replace-http-00005 + [Tags] Replace IP HTTP URL Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=welcome-to-canyonlands-national-park/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.national-park.com/welcome-to-canyonlands-national-park/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkey","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00012.bat + ... ELSE set variable curl -kv --cookie "lQfQ_2132_saltkey=t8WY1oPe; lQfQ_2132_lastvisit=1595381790; lQfQ_2132_sid=vqXOg6; lQfQ_2132_lastact=1595385400%09forum.php%09image" --referer 'https://www.baidu.com/' \ https://www.national-park.com/welcome-to-canyonlands-national-park/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA + ... ELSE Create List text/json Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.national-park.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Replace-http-00006 + [Tags] Replace IP HTTP URL Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=www.classicvacations.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=AWSALB* isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.classicvacations.com/collections/all-inclusive"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "AWSALBCORS=","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00013_3.bat + ... ELSE set variable curl -kv https://www.classicvacations.com/collections/all-inclusive + ${stringlist} run keyword if '${systemType}'=='Windows' Create List classicvacations Tango Secure Gateway CA + ... ELSE Create List classicvacations Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.classicvacations.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Replace-http-00006 + [Tags] Replace IP HTTP 最大组合1 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*engadget.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=*gaming/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=__stripe_sid isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=Domain=.engadget.com isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.engadget.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.engadget.com/gaming/"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "__stripe_sidafdsvxvx","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.engadget.com","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} ${req_hdr_ck} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00014.bat + ... ELSE set variable curl -kv -L --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.engadget.com/gaming/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA + ... ELSE Create List text/json Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.engadget.com + Should Be Equal As Strings ${returnvalue} true + +ProxyPolicy-Replace-http-00007 + [Tags] Replace IP HTTP 最大组合2 + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*engadget.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=*gaming/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=text isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + + Comment 创建Replace策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + ${policyIds1} set Variable ${policyId1}[0][policyIds][0] + + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.engadget.com"} + ${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.engadget.com/gaming/"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset=text","district": "Content-Type"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0fsfwhh","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn} ${req_hdr_ua} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_replace_00014.bat + ... ELSE set variable curl -kv -L --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.engadget.com/gaming/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA + ... ELSE Create List text/json Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds1} + ${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.engadget.com + Should Be Equal As Strings ${returnvalue} true + \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_proxy/AllowHttpTests.robot b/01-TestCase/tsg_adc/api_proxy/AllowHttpTests.robot deleted file mode 100644 index b560b2b..0000000 --- a/01-TestCase/tsg_adc/api_proxy/AllowHttpTests.robot +++ /dev/null @@ -1,702 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt -Variables ../../../05-Other/variable/policy/apipolicyrequesttest2.py -Resource ../../../02-Keyword/tsg_bfapi/policy/ApiPolicyRequest.robot - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-Allow-Http-00001 - [Tags] Allow IP FQDN DENY HTTP pxy_manipulation - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - log ${object_IP_Id} - #创建对象FQDN - #${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"hbn_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_001_FQDN_OBJ} - log ${object_FQDN_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #创建对象 URL - #${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"hbn_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_URL_Id} AddObjectData 1 ${Allow_Http_001_URL_OBJ} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id} - #创建对象 UA - #${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"hbn_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_UA_Id} AddObjectData 1 ${Allow_Http_001_UA_OBJ} - log ${object_UA_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - #${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"hbn_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_SC_Id} AddObjectData 1 ${Allow_Http_001_SC_OBJ} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - log ${objectids} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #从变量文件中加载的新增策略的JSON串 - log ${Allow_Http_001_SECURITY_POLICY} - #替换策略中的引用内容,需要在变量文件中提前固定内容 - #替换策略中的引用内容,源、目的对象对象引用 - ${Allow_Http_001_SECURITY_POLICY} Replace String ${Allow_Http_001_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_001_SECURITY_POLICY} Replace String ${Allow_Http_001_SECURITY_POLICY} Allow_Http_001_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_001_SECURITY_POLICY} Replace String ${Allow_Http_001_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-San_IP+FQDN - log ${Allow_Http_001_SECURITY_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId1} AddPolicyData 1 ${Allow_Http_001_SECURITY_POLICY} - #新增对象添加到删除策略列表,及时添加避免后面异常导致遗留垃圾数据 - #${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyid}]} - #${policyIds} Create List ${policyId1} - # ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建 Deny 管控搭配Allow - # ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #log ${addPolicyStr} - #${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId1} - ${Allow_Http_001_DenyProxy_POLICY} Replace String ${Allow_Http_001_DenyProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_001_DenyProxy_POLICY} Replace String ${Allow_Http_001_DenyProxy_POLICY} Allow_Http_001_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_001_DenyProxy_POLICY} Replace String ${Allow_Http_001_DenyProxy_POLICY} Allow_Http_001_URL_OBJ ${object_URL_Id} - ${Allow_Http_001_DenyProxy_POLICY} Replace String ${Allow_Http_001_DenyProxy_POLICY} Allow_Http_001_UA_OBJ ${object_UA_Id} - ${Allow_Http_001_DenyProxy_POLICY} Replace String ${Allow_Http_001_DenyProxy_POLICY} Allow_Http_001_SC_OBJ ${object_SC_Id} - #替换策略中的策略名称 - ${Allow_Http_001_DenyProxy_POLICY} Replace String ${Allow_Http_001_DenyProxy_POLICY} policyNameautotest ProxyPolicy-Deny-Http-00001 - log ${Allow_Http_001_DenyProxy_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId2} AddPolicyData 1 ${Allow_Http_001_DenyProxy_POLICY} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} ${policyIds2} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${Allow_Http_001_AllowProxy_POLICY} Replace String ${Allow_Http_001_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_001_AllowProxy_POLICY} Replace String ${Allow_Http_001_AllowProxy_POLICY} Allow_Http_001_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_001_AllowProxy_POLICY} Replace String ${Allow_Http_001_AllowProxy_POLICY} Allow_Http_001_URL_OBJ ${object_URL_Id} - ${Allow_Http_001_AllowProxy_POLICY} Replace String ${Allow_Http_001_AllowProxy_POLICY} Allow_Http_001_UA_OBJ ${object_UA_Id} - ${Allow_Http_001_AllowProxy_POLICY} Replace String ${Allow_Http_001_AllowProxy_POLICY} Allow_Http_001_SC_OBJ ${object_SC_Id} - #替换策略中的策略名称 - ${Allow_Http_001_AllowProxy_POLICY} Replace String ${Allow_Http_001_AllowProxy_POLICY} policyNameautotest ProxyPolicy-Allow-Http-00001 - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_001_AllowProxy_POLICY} - #${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} - ${policyIds} Create List ${policyId2} ${policyId1} - ${starttime} Get Time - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run curl --header "User-Agent:Mozilla/5.0" \ -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.sinovision.net/ - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host sinovision - -ProxyPolicy-allow-http-00002 - [Tags] allow redirect http IP+cat+url+请求UA+应答CT - #创建对象IP - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - log ${object_IP_Id} - #创建fqdn - #${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.sinovision.net" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_002_FQDN_OBJ} - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[ {"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001", "policyType":"tsg_security", "action":"intercept","userTags":"", "doBlacklist":0, "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add", "returnData":1, "policyList":[ {"policyId":"","isValid":1, "policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security", "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":[ {"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001", "policyType":"tsg_security", "action":"intercept","userTags":"", "doBlacklist":0, "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${rescode} ${policyId} AddPolicy ${addPolicyStr} - ${Allow_Http_002_SECURITY_POLICY} Replace String ${Allow_Http_002_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_002_SECURITY_POLICY} Replace String ${Allow_Http_002_SECURITY_POLICY} Allow_Http_002_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_002_SECURITY_POLICY} Replace String ${Allow_Http_002_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Http-00002 - log ${Allow_Http_002_SECURITY_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_002_SECURITY_POLICY} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - #${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_002_URL_OBJ} - log ${object_url_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_url_Id} - #创建UA对象 - #${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - #${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id} - ${rescode} ${object_UA_Id} AddObjectData 1 ${Allow_Http_002_UA_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建CT对象 - #${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - #${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id} - ${rescode} ${object_CT_Id} AddObjectData 1 ${Allow_Http_002_CT_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${Allow_Http_002_AllowProxy_POLICY} Replace String ${Allow_Http_002_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_002_AllowProxy_POLICY} Replace String ${Allow_Http_002_AllowProxy_POLICY} Allow_Http_002_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_002_AllowProxy_POLICY} Replace String ${Allow_Http_002_AllowProxy_POLICY} Allow_Http_002_URL_OBJ ${object_URL_Id} - ${Allow_Http_002_AllowProxy_POLICY} Replace String ${Allow_Http_002_AllowProxy_POLICY} Allow_Http_002_UA_OBJ ${object_UA_Id} - ${Allow_Http_002_AllowProxy_POLICY} Replace String ${Allow_Http_002_AllowProxy_POLICY} Allow_Http_002_CT_OBJ ${object_CT_Id} - #替换策略中的策略名称 - ${Allow_Http_002_AllowProxy_POLICY} Replace String ${Allow_Http_002_AllowProxy_POLICY} policyNameautotest ProxyPolicy-allow-Http-00002 - log ${Allow_Http_002_AllowProxy_POLICY} - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_002_AllowProxy_POLICY} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #${policyIds} Create List ${policyId1} ${policyId2} - #创建Redirect策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${Allow_Http_002_RedirectProxy_POLICY} Replace String ${Allow_Http_002_RedirectProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_002_RedirectProxy_POLICY} Replace String ${Allow_Http_002_RedirectProxy_POLICY} Allow_Http_002_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_002_RedirectProxy_POLICY} Replace String ${Allow_Http_002_RedirectProxy_POLICY} Allow_Http_002_URL_OBJ ${object_URL_Id} - ${Allow_Http_002_RedirectProxy_POLICY} Replace String ${Allow_Http_002_RedirectProxy_POLICY} Allow_Http_002_UA_OBJ ${object_UA_Id} - ${Allow_Http_002_RedirectProxy_POLICY} Replace String ${Allow_Http_002_RedirectProxy_POLICY} Allow_Http_002_CT_OBJ ${object_CT_Id} - #替换策略中的策略名称 - ${Allow_Http_002_RedirectProxy_POLICY} Replace String ${Allow_Http_002_RedirectProxy_POLICY} policyNameautotest ProxyPolicy-Redirect-Http-00002 - ${returncode} ${policyId4} AddPolicyData 1 ${Allow_Http_002_RedirectProxy_POLICY} - #${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4},${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' Set Variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat - ... ELSE Set Variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center - ${stringlist} Create List 美国中文网 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net - -ProxyPolicy-allow-http-00003 - [Tags] allow hijack http IP+fqdn+url+请求CK+应答SK - #创建fqdn - #${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - log ${object_IP_Id} - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_003_FQDN_OBJ} - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #${rescode} ${policyId} AddPolicy ${addPolicyStr} - ${Allow_Http_003_SECURITY_POLICY} Replace String ${Allow_Http_003_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_003_SECURITY_POLICY} Replace String ${Allow_Http_003_SECURITY_POLICY} Allow_Http_003_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_003_SECURITY_POLICY} Replace String ${Allow_Http_003_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Http-00003 - log ${Allow_Http_003_SECURITY_POLICY} - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_003_SECURITY_POLICY} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - #${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_003_URL_OBJ} - log ${object_url_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建ck对象 - #${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_CK_Id} AddObjectData 1 ${Allow_Http_003_CK_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id} - #创建SK对象 - #${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${rescode} ${object_SK_Id} AddObjectData 1 ${Allow_Http_003_SK_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id} - #创建allow策略 - log ${Allow_Http_003_AllowProxy_POLICY} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${Allow_Http_003_AllowProxy_POLICY} Replace String ${Allow_Http_003_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_003_AllowProxy_POLICY} Replace String ${Allow_Http_003_AllowProxy_POLICY} Allow_Http_003_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_003_AllowProxy_POLICY} Replace String ${Allow_Http_003_AllowProxy_POLICY} Allow_Http_003_URL_OBJ ${object_url_Id} - ${Allow_Http_003_AllowProxy_POLICY} Replace String ${Allow_Http_003_AllowProxy_POLICY} Allow_Http_003_CK_OBJ ${object_CK_Id} - ${Allow_Http_003_AllowProxy_POLICY} Replace String ${Allow_Http_003_AllowProxy_POLICY} Allow_Http_003_SK_OBJ ${object_SK_Id} - #替换策略中的策略名称 - ${Allow_Http_003_AllowProxy_POLICY} Replace String ${Allow_Http_003_AllowProxy_POLICY} policyNameautotest ProxyPolicy-allow-Http-00003 - log ${Allow_Http_003_AllowProxy_POLICY} - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_003_AllowProxy_POLICY} - #${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建hijack策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - ${Allow_Http_003_HijackProxy_POLICY} Replace String ${Allow_Http_003_HijackProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_003_HijackProxy_POLICY} Replace String ${Allow_Http_003_HijackProxy_POLICY} Allow_Http_003_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_003_HijackProxy_POLICY} Replace String ${Allow_Http_003_HijackProxy_POLICY} Allow_Http_003_URL_OBJ ${object_url_Id} - ${Allow_Http_003_HijackProxy_POLICY} Replace String ${Allow_Http_003_HijackProxy_POLICY} Allow_Http_003_CK_OBJ ${object_CK_Id} - ${Allow_Http_003_HijackProxy_POLICY} Replace String ${Allow_Http_003_HijackProxy_POLICY} Allow_Http_003_SK_OBJ ${object_SK_Id} - #替换策略中的策略名称 - ${Allow_Http_003_HijackProxy_POLICY} Replace String ${Allow_Http_003_HijackProxy_POLICY} policyNameautotest ProxyPolicy-Hijack-Http-00003 - log ${Allow_Http_003_HijackProxy_POLICY} - ${returncode} ${policyId4} AddPolicyData 1 ${Allow_Http_003_HijackProxy_POLICY} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_00003.bat - ... ELSE set variable curl --cookie "heroku-session-affinity=AECDaANoA24IAbeY0aj9//8HYgAMck5iAAuUrWEDbAAAAANtAAAABXdlYi4ybQAAAAV3ZWIuM20AAAAFd2ViLjFqU0KSOo6kvo8k/2myOIB5QkNaXcQ_; PLAY_SESSION=599f1e4b09775de6f84c720a038e9064cf00cc72-session_id=75f81f40-3e00-47eb-bbe3-b5b955ee4737; _ga=GA1.2.2094891418.1609815699; _gid=GA1.2.85860013.1609815699; __gads=ID=45fe78debc84c3d9-223c71f687c5004f:T=1609815699:RT=1609815699:S=ALNI_MYqjuHOZyDEbxapCxOTUTNsVkpOdA" --referer 'http://www.baidu.com/' http://www.nymbler.com - ${stringlist} Create List Boy - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host nymbler.com - -ProxyPolicy-Allow-Http-00004 - [Tags] Allow Insert IP FQDN URL 请求UA+返回Content-Type Insert HTTP pxy_manipulation - #创建对象IP - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - log ${object_IP_Id} - #创建对象FQDN - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_007_FQDN_OBJ} - log ${object_FQDN_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #创建对象 URL - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_007_URL_OBJ} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建请求头UA - ${rescode} ${object_UA_Id} AddObjectData 1 ${Allow_Http_007_UA_OBJ} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建返回头CT - ${rescode} ${object_CT_Id} AddObjectData 1 ${Allow_Http_007_CT_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - Comment 创建 拦截策略 - ${Allow_Http_007_SECURITY_POLICY} Replace String ${Allow_Http_007_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_007_SECURITY_POLICY} Replace String ${Allow_Http_007_SECURITY_POLICY} Allow_Http_007_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_007_SECURITY_POLICY} Replace String ${Allow_Http_007_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Http-00004 - log ${Allow_Http_007_SECURITY_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_007_SECURITY_POLICY} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 创建 Allow策略 - ${Allow_Http_007_AllowProxy_POLICY} Replace String ${Allow_Http_007_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_007_AllowProxy_POLICY} Replace String ${Allow_Http_007_AllowProxy_POLICY} Allow_Http_007_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_007_AllowProxy_POLICY} Replace String ${Allow_Http_007_AllowProxy_POLICY} Allow_Http_007_URL_OBJ ${object_URL_Id} - ${Allow_Http_007_AllowProxy_POLICY} Replace String ${Allow_Http_007_AllowProxy_POLICY} Allow_Http_007_UA_OBJ ${object_UA_Id} - ${Allow_Http_007_AllowProxy_POLICY} Replace String ${Allow_Http_007_AllowProxy_POLICY} Allow_Http_007_CT_OBJ ${object_CT_Id} - #替换策略中的策略名称 - ${Allow_Http_007_AllowProxy_POLICY} Replace String ${Allow_Http_007_AllowProxy_POLICY} policyNameautotest ProxyPolicy-allow-Http-00004 - log ${Allow_Http_007_AllowProxy_POLICY} - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_007_AllowProxy_POLICY} - Comment 创建Insert策略 - ${Allow_Http_007_InsertProxy_POLICY} Replace String ${Allow_Http_007_InsertProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_007_InsertProxy_POLICY} Replace String ${Allow_Http_007_InsertProxy_POLICY} Allow_Http_007_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_007_InsertProxy_POLICY} Replace String ${Allow_Http_007_InsertProxy_POLICY} Allow_Http_007_URL_OBJ ${object_URL_Id} - ${Allow_Http_007_InsertProxy_POLICY} Replace String ${Allow_Http_007_InsertProxy_POLICY} Allow_Http_007_UA_OBJ ${object_UA_Id} - ${Allow_Http_007_InsertProxy_POLICY} Replace String ${Allow_Http_007_InsertProxy_POLICY} Allow_Http_007_CT_OBJ ${object_CT_Id} - #替换策略中的策略名称 - ${Allow_Http_007_InsertProxy_POLICY} Replace String ${Allow_Http_007_InsertProxy_POLICY} policyNameautotest ProxyPolicy-Insert-Http-00004 - ${returncode} ${policyId4} AddPolicyData 1 ${Allow_Http_007_InsertProxy_POLICY} - #${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4},${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - # ${commandstr} run keyword if '${systemType}'=='Windows' Set Variable ${curlbatpath}/ProxyPolicy_allow_http00004.bat - # ... ELSE Set Variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.government.kz - # ${stringlist} Create List Max-Age=7200 - # ${starttime} Get Time - # Sleep ${policyVerificationSleepSeconds}s - # ${rescode} SystemCommands ${commandstr} ${stringlist} - # Sleep ${policyLogVerificationSleepSeconds}s - # ${endtime} Get Time - # log ${rescode} - # ${s} Convert to String ${policyId3} - # GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host government - ${starttime} Get Time - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36"\ \-I\ \-m\ \10\ \-o\ \/dev/null\ \-s\ \-w\ \ \%{http_code}\ \http://www.government.kz/ - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host government -ProxyPolicy-allow-http-00005 - [Tags] allow http fqdn+url - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - #创建fqdn - #${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_004_FQDN_OBJ} - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ]"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ]"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}]} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[]"appObjectIdArray":[2]}]} - #${rescode} ${policyId} AddPolicy ${addPolicyStr} - ${Allow_Http_004_SECURITY_POLICY} Replace String ${Allow_Http_004_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_004_SECURITY_POLICY} Replace String ${Allow_Http_004_SECURITY_POLICY} Allow_Http_004_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_004_SECURITY_POLICY} Replace String ${Allow_Http_004_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Http-00005 - log ${Allow_Http_004_SECURITY_POLICY} - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_004_SECURITY_POLICY} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - #${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_004_URL_OBJ} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - ${Allow_Http_004_AllowProxy_POLICY} Replace String ${Allow_Http_004_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_004_AllowProxy_POLICY} Replace String ${Allow_Http_004_AllowProxy_POLICY} Allow_Http_004_FQDN_OBJ ${object_FQDN_Id} - ${Allow_Http_004_AllowProxy_POLICY} Replace String ${Allow_Http_004_AllowProxy_POLICY} Allow_Http_004_URL_OBJ ${object_url_Id} - #替换策略中的策略名称 - ${Allow_Http_004_AllowProxy_POLICY} Replace String ${Allow_Http_004_AllowProxy_POLICY} policyNameautotest Allow_Http_005_AllowProxy_POLICY - log ${Allow_Http_004_AllowProxy_POLICY} - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_004_AllowProxy_POLICY} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建replace策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - ${Allow_Http_004_ReplaceProxy_POLICY} Replace String ${Allow_Http_004_ReplaceProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_004_ReplaceProxy_POLICY} Replace String ${Allow_Http_004_ReplaceProxy_POLICY} Allow_Http_004_FQDN_OBJ ${object_FQDN_Id} - ${Allow_Http_004_ReplaceProxy_POLICY} Replace String ${Allow_Http_004_ReplaceProxy_POLICY} Allow_Http_004_URL_OBJ ${object_url_Id} - #替换策略中的策略名称 - ${Allow_Http_004_ReplaceProxy_POLICY} Replace String ${Allow_Http_004_ReplaceProxy_POLICY} policyNameautotest Allow_Http_005_ReplaceProxy_POLICY - log ${Allow_Http_004_ReplaceProxy_POLICY} - ${returncode} ${policyId4} AddPolicyData 1 ${Allow_Http_004_ReplaceProxy_POLICY} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00005.bat - ... ELSE set variable curl -kv http://www.ccb.com/cn/home/indexv3.html - ${stringlist} Create List 电子银行开通 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.ccb.com - -ProxyPolicy-Allow-Http-00006 - [Tags] Allow IP FQDN Monitor IP+URL DENY HTTP pxy_manipulation - #创建对象IP - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - log ${object_IP_Id} - #创建对象FQDN - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_008_FQDN_OBJ} - log ${object_FQDN_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #创建对象 URL - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_008_URL_OBJ} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建请求头UA - ${rescode} ${object_CK_Id} AddObjectData 1 ${Allow_Http_008_CK_OBJ} - log ${object_CK_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id} - #创建返回头CT - ${rescode} ${object_CT_Id} AddObjectData 1 ${Allow_Http_008_CT_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - Comment 创建 拦截策略 - ${Allow_Http_008_SECURITY_POLICY} Replace String ${Allow_Http_008_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_008_SECURITY_POLICY} Replace String ${Allow_Http_008_SECURITY_POLICY} Allow_Http_008_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_008_SECURITY_POLICY} Replace String ${Allow_Http_008_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Https-00006 - log ${Allow_Http_008_SECURITY_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_008_SECURITY_POLICY} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 创建 Allow策略 - ${Allow_Http_008_AllowProxy_POLICY} Replace String ${Allow_Http_008_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_008_AllowProxy_POLICY} Replace String ${Allow_Http_008_AllowProxy_POLICY} Allow_Http_008_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_008_AllowProxy_POLICY} Replace String ${Allow_Http_008_AllowProxy_POLICY} Allow_Http_008_URL_OBJ ${object_URL_Id} - ${Allow_Http_008_AllowProxy_POLICY} Replace String ${Allow_Http_008_AllowProxy_POLICY} Allow_Http_008_CK_OBJ ${object_CK_Id} - ${Allow_Http_008_AllowProxy_POLICY} Replace String ${Allow_Http_008_AllowProxy_POLICY} Allow_Http_008_CT_OBJ ${object_CT_Id} - #替换策略中的策略名称 - ${Allow_Http_008_AllowProxy_POLICY} Replace String ${Allow_Http_008_AllowProxy_POLICY} policyNameautotest ProxyPolicy-allow-Http-00006 - log ${Allow_Http_008_AllowProxy_POLICY} - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_008_AllowProxy_POLICY} - Comment 创建Monitor策略 - ${Allow_Http_008_MonitorProxy_POLICY} Replace String ${Allow_Http_008_MonitorProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_008_MonitorProxy_POLICY} Replace String ${Allow_Http_008_MonitorProxy_POLICY} Allow_Http_008_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_008_MonitorProxy_POLICY} Replace String ${Allow_Http_008_MonitorProxy_POLICY} Allow_Http_008_URL_OBJ ${object_URL_Id} - ${Allow_Http_008_MonitorProxy_POLICY} Replace String ${Allow_Http_008_MonitorProxy_POLICY} Allow_Http_008_CK_OBJ ${object_CK_Id} - ${Allow_Http_008_MonitorProxy_POLICY} Replace String ${Allow_Http_008_MonitorProxy_POLICY} Allow_Http_008_CT_OBJ ${object_CT_Id} - #替换策略中的策略名称 - ${Allow_Http_008_MonitorProxy_POLICY} Replace String ${Allow_Http_008_MonitorProxy_POLICY} policyNameautotest ProxyPolicy-Monitor-Http-00006 - ${returncode} ${policyId4} AddPolicyData 1 ${Allow_Http_008_MonitorProxy_POLICY} - #${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4},${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - ${starttime} Get Time - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run curl --cookie "Hm_lvt_0e5354ed9276830b03eeb9f70b8a6ddf=1609842683; Hm_lpvt_0e5354ed9276830b03eeb9f70b8a6ddf=1609842683"\ \-I\ \-m\ \10\ \-o\ \/dev/null\ \-s\ \-w\ \ \%{http_code}\ \http://www.dadou.com/ - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host dadou - -roxyPolicy-allow-http-00008 - [Tags] allow IP+FQDN+UA+SK+URL http - #创建ip - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - #创建fqdn - #${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.sinovision.net" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_002_FQDN_OBJ} - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${Allow_Http_002_SECURITY_POLICY} Replace String ${Allow_Http_002_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_002_SECURITY_POLICY} Replace String ${Allow_Http_002_SECURITY_POLICY} Allow_Http_002_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_002_SECURITY_POLICY} Replace String ${Allow_Http_002_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Https-00008 - log ${Allow_Http_002_SECURITY_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_002_SECURITY_POLICY} - #${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - #${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_002_URL_OBJ} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - #${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_UA_Id} AddObjectData 1 ${Allow_Http_002_UA_OBJ} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建sk对象 - #${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_SK_Id} AddObjectData 1 ${Allow_Http_005_SK_OBJ} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - ${Allow_Http_005_AllowProxy_POLICY} Replace String ${Allow_Http_005_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_005_AllowProxy_POLICY} Replace String ${Allow_Http_005_AllowProxy_POLICY} Allow_Http_002_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_005_AllowProxy_POLICY} Replace String ${Allow_Http_005_AllowProxy_POLICY} Allow_Http_002_URL_OBJ ${object_URL_Id} - ${Allow_Http_005_AllowProxy_POLICY} Replace String ${Allow_Http_005_AllowProxy_POLICY} Allow_Http_002_UA_OBJ ${object_UA_Id} - ${Allow_Http_005_AllowProxy_POLICY} Replace String ${Allow_Http_005_AllowProxy_POLICY} Allow_Http_005_SK_OBJ ${object_SK_Id} - #替换策略中的策略名称 - ${Allow_Http_005_AllowProxy_POLICY} Replace String ${Allow_Http_005_AllowProxy_POLICY} policyNameautotest ProxyPolicy-allow-Http-00008 - log ${Allow_Http_005_AllowProxy_POLICY} - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_005_AllowProxy_POLICY} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - # 创建Redirect策略 - # ${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${Allow_Http_005_RedirectProxy_POLICY} Replace String ${Allow_Http_005_RedirectProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - ${Allow_Http_005_RedirectProxy_POLICY} Replace String ${Allow_Http_005_RedirectProxy_POLICY} Allow_Http_002_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_005_RedirectProxy_POLICY} Replace String ${Allow_Http_005_RedirectProxy_POLICY} Allow_Http_002_URL_OBJ ${object_URL_Id} - ${Allow_Http_005_RedirectProxy_POLICY} Replace String ${Allow_Http_005_RedirectProxy_POLICY} Allow_Http_002_UA_OBJ ${object_UA_Id} - ${Allow_Http_005_RedirectProxy_POLICY} Replace String ${Allow_Http_005_RedirectProxy_POLICY} Allow_Http_005_SK_OBJ ${object_SK_Id} - #替换策略中的策略名称 - ${Allow_Http_005_RedirectProxy_POLICY} Replace String ${Allow_Http_005_RedirectProxy_POLICY} policyNameautotest ProxyPolicy-Redirect-Http-00008 - ${returncode} ${policyId4} AddPolicyData 1 ${Allow_Http_005_RedirectProxy_POLICY} - #${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_ssl00008.bat - ... ELSE set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/ - ${stringlist} Create List 美国中文网 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net - -ProxyPolicy-Allow-Http-00009 - [Tags] Allow IP FQDN IP+URL DENY HTTP pxy_manipulation - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_IP_Id} AddObjectData 1 ${Allow_Http_IP_OBJ} - ${objectids} Set Variable ${object_IP_Id} - log ${object_IP_Id} - #创建对象FQDN - #${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*open.node.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_FQDN_Id} AddObjectData 1 ${Allow_Http_006_FQDN_OBJ} - log ${object_FQDN_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #创建对象 URL - #${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["open.node.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - ${rescode} ${object_url_Id} AddObjectData 1 ${Allow_Http_006_URL_OBJ} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id} - Comment 创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - # ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${Allow_Http_006_SECURITY_POLICY} Replace String ${Allow_Http_006_SECURITY_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_006_SECURITY_POLICY} Replace String ${Allow_Http_006_SECURITY_POLICY} Allow_Http_006_FQDN_OBJ ${object_FQDN_Id} - #替换策略中的策略名称 - ${Allow_Http_006_SECURITY_POLICY} Replace String ${Allow_Http_006_SECURITY_POLICY} policyNameautotest SecurityPolicy-Intercept-Http-00009 - log ${Allow_Http_002_SECURITY_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId} AddPolicyData 1 ${Allow_Http_006_SECURITY_POLICY} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 创建 Deny 管控搭配Allow - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # log ${addPolicyStr} - # ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${Allow_Http_006_DenyProxy_POLICY} Replace String ${Allow_Http_006_DenyProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_006_DenyProxy_POLICY} Replace String ${Allow_Http_006_DenyProxy_POLICY} Allow_Http_006_FQDN_OBJ ${object_FQDN_Id} - ${Allow_Http_006_DenyProxy_POLICY} Replace String ${Allow_Http_006_DenyProxy_POLICY} Allow_Http_006_URL_OBJ ${object_URL_Id} - #替换策略中的策略名称 - ${Allow_Http_006_DenyProxy_POLICY} Replace String ${Allow_Http_006_DenyProxy_POLICY} policyNameautotest Allow_Http_009_DenyProxy_POLICY - log ${Allow_Http_006_DenyProxy_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId2} AddPolicyData 1 ${Allow_Http_006_DenyProxy_POLICY} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - log ${policyId2} - ${policyIds} Create List ${policyId1} ${policyIds2} - Comment 创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - # ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - ${Allow_Http_006_AllowProxy_POLICY} Replace String ${Allow_Http_006_AllowProxy_POLICY} Allow_Http_IP_OBJ ${object_IP_Id} - #替换策略中的引用内容,filter,sni对象对象引用 - ${Allow_Http_006_AllowProxy_POLICY} Replace String ${Allow_Http_006_AllowProxy_POLICY} Allow_Http_006_FQDN_OBJ ${object_FQDN_Id} - ${Allow_Http_006_AllowProxy_POLICY} Replace String ${Allow_Http_006_AllowProxy_POLICY} Allow_Http_006_URL_OBJ ${object_URL_Id} - #替换策略中的策略名称 - ${Allow_Http_006_AllowProxy_POLICY} Replace String ${Allow_Http_006_AllowProxy_POLICY} policyNameautotest Allow_Http_009_AllowProxy_POLICY - log ${Allow_Http_006_AllowProxy_POLICY} - #add Policy,return statuscode,policyid 多个返回以逗号分隔 - ${returncode} ${policyId3} AddPolicyData 1 ${Allow_Http_006_AllowProxy_POLICY} - log ${policyId3} - ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - ${starttime} Get Time - Comment 功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://poplar.ru - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host poplar.ru - - diff --git a/01-TestCase/tsg_adc/api_proxy/AllowSSLTests.robot b/01-TestCase/tsg_adc/api_proxy/AllowSSLTests.robot deleted file mode 100644 index eef49d2..0000000 --- a/01-TestCase/tsg_adc/api_proxy/AllowSSLTests.robot +++ /dev/null @@ -1,371 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt - - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-allow-ssl-00001 - [Tags] allow ssl IP+FQDN+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jianshu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "mobile" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建deny策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat - ... ELSE set variable curl -kv https://www.jianshu.com/mobile/club - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host jianshu.com - - -ProxyPolicy-allow-ssl-00004 - [Tags] allow ssl IP+url验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*douyin.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "platform" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建insert策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00004.bat - ... ELSE set variable curl -kv https://open.douyin.com/platform - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host douyin.com - - -ProxyPolicy-allow-ssl-00006 - [Tags] allow ssl 请求UA+url验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.zealer.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "register" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建monitor策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-monitor-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "monitor", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-monitor-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "monitor", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00006.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zealer.com/account/register - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zealer.com - -ProxyPolicy-allow-ssl-00007 - [Tags] allow ssl 应答CT+url验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*yhd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "passport" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00007.bat - ... ELSE set variable curl -kv https://passport.yhd.com/passport/login_input.do - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host yhd.com - -ProxyPolicy-allow-ssl-00009 - [Tags] allow ssl Sub_id+Category+CK+CT+URL - # #创建SUB - # ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # log ${object_SUB_Id} - # #删除对象 - # ${objectids} set Variable ${object_SUB_Id} - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*weibo.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "weibo" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建ck对象 - ${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SINAGLOBAL"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建deny策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat - ... ELSE set variable curl -kv https://www.jianshu.com/mobile/club - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host jianshu.com - -ProxyPolicy-allow-ssl-00010 - [Tags] allow ssl IP+FQDN(英文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*youtube.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建allow策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - #创建deny策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_ssl00010.bat - ... ELSE set variable curl -kv https://youtube.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host youtube.com - -ProxyPolicy-allow-ssl-00011 - [Tags] allow ssl IP+url(俄文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - Comment 创建allow策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - ${policyIds} Create List ${policyId1} ${policyId2} - Comment 创建deny策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId4} AddPolicy ${addPolicyStr} - log ${policyId4} - ${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]} - Comment 删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId5} - Comment 功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_ssl00011.bat - ... ELSE set variable curl -kv https://zakon.kz/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host zakon.kz diff --git a/01-TestCase/tsg_adc/api_proxy/DenyHttpTests.robot b/01-TestCase/tsg_adc/api_proxy/DenyHttpTests.robot deleted file mode 100644 index eba2f15..0000000 --- a/01-TestCase/tsg_adc/api_proxy/DenyHttpTests.robot +++ /dev/null @@ -1,266 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../02-Keyword/tsg_common/StmpHandle.robot -Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot -Resource ../../../02-Keyword/tsg_bfapi/Common.robot - - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} -${url} /policy/profile/responsepages -${profiledId} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-deny-http-00002 - [Tags] deny IP+cat+url+请求UA+应答CT - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-http-00002-SecurityPolicy-Intercept-Http", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-http-00002-SecurityPolicy-Intercept-Http", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-http-00002-SecurityPolicy-Intercept-Http", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat - #${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html - ${stringlist} Create List X-TG-Construct-By: tfe The requested resource could not be found but may be available again in the future test - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ccb.com - -ProxyPolicy-deny-http-00003 - [Tags] deny IP+cat+url+请求CK+应答SK验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建ck对象 - ${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id} - #创建SK对象 - ${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat - ... ELSE set variable curl -kv --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com - #This request may not be serviced due to the regulations of your residency (TFE-2867:Русскийязык). - #${stringlist} Create List Русскийязык - ${stringlist} Create List X-TG-Construct-By: tfe Error 451 This request may not be serviced due to the regulations of your residency (TFE Русскийязык). - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com - -ProxyPolicy-deny-http-00006 - [Tags] deny fqdn+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat - ... ELSE set variable curl -kv http://www.xiaozhu.com/#ongo/ - #${stringlist} Create List 404 - ${stringlist} Create List X-TG-Construct-By: tfe 对不起,您请求的页面不存在、或已被删除、或暂时不可用 404-对不起!您访问的页面不存在 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.xiaozhu.com - -ProxyPolicy-deny-http-00009 - [Tags] deny 请求body+url selfserver - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建body对象 - ${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "body" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id} - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=body&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk - ${commandstr} run keyword if '${systemType}'=='Windows' set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=body&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk - ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=body&setCookie=set-cookie&resBody=Response Body" http://open.node.com/action - ${stringlist} Create List - 404, простите!  страница, к которой вы пришли, не существует Извините, запрошенная страница не существует или была удалена или временно недоступна - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com - -ProxyPolicy-deny-http-00013 - [Tags] deny 请求body(中文)+url selfserver - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建body对象 - ${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "明天你好" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404NotFind", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404NotFind", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404NotFind", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=明天你好&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk - ${commandstr} run keyword if '${systemType}'=='Windows' set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=明天你好&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk - ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=明天你好&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action - ${stringlist} Create List Error 404 The requested resource could not be found but may be available again in the future (TFE 404NotFind). - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com diff --git a/01-TestCase/tsg_adc/api_proxy/DenySSLTests.robot b/01-TestCase/tsg_adc/api_proxy/DenySSLTests.robot deleted file mode 100644 index 3e2c4da..0000000 --- a/01-TestCase/tsg_adc/api_proxy/DenySSLTests.robot +++ /dev/null @@ -1,409 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy Proxy_Deny_SSL -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt -Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot -Resource ../../../02-Keyword/tsg_bfapi/Common.robot - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} -${url} /policy/profile/responsepages -${profiledId} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-deny-ssl-00001 - [Tags] deny IP+FQDN+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*lianjia.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ershoufang" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat - ... ELSE set variable curl -kv https://bj.lianjia.com/ershoufang/ - - ${stringlist} Create List 403 Forbidden Tango Secure Gateway CA Access Denied Error 403 The requested resource requires an authentication (TFE 123456). - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host lianjia.com - - -ProxyPolicy-deny-ssl-00004 - [Tags] deny IP+FQDN+应答body - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ke.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "zufang" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建body对象 - ${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "北京贝壳网" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id} - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_deny_ssl00004.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_deny_ssl00004.bat - ... ELSE set variable curl -kv https://bj.zu.ke.com/zufang - ${stringlist} Create List Tango Secure Gateway CA TLSv1.2 (IN), TLS alert, close notify (256) - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host bj.zu.ke.com - -ProxyPolicy-deny-ssl-00005 - [Tags] deny ip+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat - ... ELSE set variable curl -kv https://www.toutiao.com/ch/news_hot/ - ${stringlist} Create List Tango Secure Gateway CA - 404, простите!  страница, к которой вы пришли, не существует Извините, запрошенная страница не существует или была удалена или временно недоступна - - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.toutiao.com - - -ProxyPolicy-deny-ssl-00007 - [Tags] deny 请求UA+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.gamersky.com/news/ - - ${stringlist} Create List Tango Secure Gateway CA 451 Unavailable For Legal Reasons X-TG-Construct-By: tfe 404 sorry! The page you visited does not exist - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.gamersky.com - -ProxyPolicy-deny-ssl-00008 - [Tags] deny 应答CT+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*nationalbank.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "nationalbank" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat - ... ELSE set variable curl -kv https://nationalbank.kz/ - - ${stringlist} Create List Tango Secure Gateway CA 403 Forbidden X-TG-Construct-By: tfe 404 sorry! The page you visited does not exist - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host nationalbank.kz - - -ProxyPolicy-deny-ssl-00010 - [Tags] deny SUB+fqdn - #创建SUB - #${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #log ${object_SUB_Id} - #删除对象 - #${objectids} set Variable ${object_SUB_Id} - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*weibo.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"ProxyPolicy-deny-Https-00010","policyType":"pxy_manipulation","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"ProxyPolicy-deny-Https-00010","policyType":"pxy_manipulation", "action":"deny","userTags":"","doBlacklist":0,"doLog":1, "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}] } - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"ProxyPolicy-deny-Https-00010","policyType":"pxy_manipulation","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证证书问题 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.twitch.tv/directory - ${stringlist} Create List Tango Secure Gateway CA 404 X-TG-Construct-By: tfe The page you visited does not exist - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host weibo.com - -ProxyPolicy-deny-ssl-00011 - [Tags] deny ip+fqdn(英文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*facebook.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00011.bat - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00011.bat - ... ELSE set variable curl -kv https://www.facebook.com/ - - ${stringlist} Create List Tango Secure Gateway CA - 404, простите!  страница, к которой вы пришли, не существует Извините, запрошенная страница не существует или была удалена или временно недоступна - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host facebook.com - -ProxyPolicy-deny-ssl-00012 - [Tags] deny fqdn+url(俄文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*rutube.ru" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "rutube" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} set Variable ${object_FQDN_Id},${object_url_Id} - - #新增DenyResponsfile - ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages - ${profiledId} Get From Dictionary ${response} profileId - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00012 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00012.bat - ... ELSE set variable curl -kv https://rutube.ru/ - #curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=рускйсекс&setCookie=set-cookie&contentType=text/html;charset=utf-8&resBody=Response Body" https://open.node.com/action - ${stringlist} Create List Tango Secure Gateway CA - 404 запрошенная страница не существует или была удалена или временно недоступна - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host rutube.ru diff --git a/01-TestCase/tsg_adc/api_proxy/HijackHttpTests.robot b/01-TestCase/tsg_adc/api_proxy/HijackHttpTests.robot deleted file mode 100644 index 373e4cb..0000000 --- a/01-TestCase/tsg_adc/api_proxy/HijackHttpTests.robot +++ /dev/null @@ -1,204 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-hijack-http-00002 - [Tags] hijack http IP+cat+url+请求UA+应答CT - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.sinovision.net" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":163, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":163, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00002.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center - ${stringlist} Create List qwerrrrrrrrr - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net - -ProxyPolicy-hijack-http-00003 - [Tags] hijack http IP+cat+url+请求CK+应答SK - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建ck对象 - ${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id} - #创建SK对象 - ${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00003.bat - ... ELSE set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com - ${stringlist} Create List 1950 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com - - -ProxyPolicy-hijack-http-00005 - [Tags] hijack http fqdn+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 167, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 167, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00005.bat - ... ELSE set variable curl -kv http://www.ccb.com/cn/home/indexv3.html - ${stringlist} Create List 4.png - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.ccb.com - -ProxyPolicy-Hijack-Http-00006 - [Tags] Hijack Fqdn_Url_UA_SC - #png - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - ${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-Http-00001.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center - ${stringlist} Create List zmmpng - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net diff --git a/01-TestCase/tsg_adc/api_proxy/HijackSSLTests.robot b/01-TestCase/tsg_adc/api_proxy/HijackSSLTests.robot deleted file mode 100644 index c6ac639..0000000 --- a/01-TestCase/tsg_adc/api_proxy/HijackSSLTests.robot +++ /dev/null @@ -1,608 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-hijack-ssl-00001 - [Tags] hijack ssl IP+FQDN+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jianshu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "mobile" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat - ... ELSE set variable curl -kv https://www.jianshu.com/mobile/club - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host jianshu.com - - -ProxyPolicy-hijack-ssl-00004 - [Tags] hijack ssl IP+url验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*douyin.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "platform" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 159, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 159, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00004.bat - ... ELSE set variable curl -kv https://open.douyin.com/platform - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host douyin.com - - -ProxyPolicy-hijack-ssl-00006 - [Tags] hijack ssl 请求UA+url验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.zealer.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "register" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00006.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zealer.com/account/register - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zealer.com - -ProxyPolicy-hijack-ssl-00007 - [Tags] hijack ssl 应答CT+url验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*yhd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "passport" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":171,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":171,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00007.bat - ... ELSE set variable curl -kv https://passport.yhd.com/passport/login_input.do - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host yhd.com - -ProxyPolicy-hijack-ssl-00008 - [Tags] hijack ssl fqdn+url验证(英文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$twitter.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "twitter.com/login" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00008.bat - ... ELSE set variable curl -kv https://twitter.com/login - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host twitter.com - -ProxyPolicy-hijack-ssl-00009 - [Tags] hijack ssl 请求UA+url验证(俄文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*tengrinews.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "tengrinews.kz/zakon/" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00009.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://tengrinews.kz/zakon/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host tengrinews.kz - - -ProxyPolicy-Hijack-SSL-00010 - [Tags] Hijack SSL - #apk - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sogou.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - ${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00001.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://wap.sogou.com/ - ${stringlist} Create List qwerrrrrrrrr - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com - -ProxyPolicy-Hijack-SSL-00011 - [Tags] Hijack - #html - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_Subid_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou.co"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SUV="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"appObj"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00002.bat - ... ELSE set variable curl -kv --cookie "SUV=001417487B769DD85B65253149725433; SMYUV=1533629990235795; SUID=B30E65757C20940A000000005B6AF061; pgv_pvi=8797682688; ssuid=8017562563; tv_play_records=tvshow_2279123:20190405; LSTMV=312%2C176; LCLKINT=1391;" --referer 'http://www.baidu.com/' https://wap.sogou.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com - -ProxyPolicy-Hijack-SSL-00012 - [Tags] Hijack SSL - #apk - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*acebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["aceboo"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - ${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00003.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.facebook.com/ - ${stringlist} Create List qwerrrrrrrrr - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com - -ProxyPolicy-Hijack-SSL-00013 - [Tags] Hijack - #html - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_Subid_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*facebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["datr="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00004.bat - ... ELSE set variable curl -kv --cookie "fr=1yqofX6H5I9WihUHa..BegZGb.Ys.AAA.0.0.BegZGb.AWVMft0q; sb=m5GBXgM_o5OnaHBUE8Rrh3tM; datr=m5GBXjkoNsYzxI4ZBI3bAOYw; wd=2058x468" --referer 'http://www.baidu.com/' https://www.facebook.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com - -ProxyPolicy-Hijack-SSL-00014 - [Tags] Hijack SSL - #apk - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*akon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - #${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_SC_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00005.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zakon.kz/ - ${stringlist} Create List qwerrrrrrrrr - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz - -ProxyPolicy-Hijack-SSL-00015 - [Tags] Hijack - #html - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_Subid_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.zakon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["www.zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id} - ${objectids} set Variable ${object_Cat_Id},${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["__auc="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id} - ${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - ${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00006.bat - ... ELSE set variable curl -kv --cookie "__auc=872f19501711ae0020cae00e8d8; _ym_d=1585293823; _ym_uid=15852938231061175569; _ga=GA1.2.1046919061.1585293826; __gads=ID=1b694b3cc49e99df:T=1585293826:S=ALNI_MZIjruz8AFwPRVc6EuwOUp6UG2wyg; _zero_cc=z5e7daa056eb62; tmr_lvid=212dae53346bc4dd7232880a9834c5ac; tmr_lvidTS=1585293841169; GN_USER_ID_KEY=b8fa7cfc-aa09-4bf0-9312-e83d0a3e5448; tmr_reqNum=4; rel_val=600000; __asc=ea27801f1712a24de07f712cb52; _zero_ss=5e8192a7c0fff.1585549991.1585549991.1; _gid=GA1.2.1300673287.1585549992; _gat_gtag_UA_19108819_1=1" --referer 'http://www.baidu.com/' https://www.zakon.kz/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz diff --git a/01-TestCase/tsg_adc/api_proxy/InsertHttpTests.robot b/01-TestCase/tsg_adc/api_proxy/InsertHttpTests.robot deleted file mode 100644 index 9157be8..0000000 --- a/01-TestCase/tsg_adc/api_proxy/InsertHttpTests.robot +++ /dev/null @@ -1,121 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc proxy_event -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt -Library Custometest - -*** Test Cases *** -ProxyPolicy-insert-Http-js-00001 - [Tags] insert - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - ${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-Http-00001.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center - ${stringlist} Create List RQ_SCRIPT - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net - -ProxyPolicy-insert-Http-css-00002 - [Tags] insert - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_Cat_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id},${object_CK_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - #${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id},${object_CK_id},${object_SC_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-Http-00002.bat - ... ELSE set variable curl -kv --cookie "oKD0_802a_saltkey=GssJU4vd; oKD0_802a_lastvisit=1583299284; oKD0_802a_pvi=656927416; _ga=GA1.2.2008992591.1583302924; __qca=P0-416369031-1583302925459; oKD0_802a_chinacountry=1; oKD0_802a_si=s75975888; zh_choose=n; __gads=ID=9674dfcbea12038e:T=1585059647:S=ALNI_MYPPZN5Z_UthuylbEOqR-zno5YoHg; oKD0_802a_application_clientip=111.201.144.161; oKD0_802a_sid=va7jUV; oKD0_802a_lastact=1585234917%09portal.php%09index" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php? - ${stringlist} Create List RQ_SCRIPT - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net - diff --git a/01-TestCase/tsg_adc/api_proxy/InsertSSLTest.robot b/01-TestCase/tsg_adc/api_proxy/InsertSSLTest.robot deleted file mode 100644 index f0c5e82..0000000 --- a/01-TestCase/tsg_adc/api_proxy/InsertSSLTest.robot +++ /dev/null @@ -1,346 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc proxy_event -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt -Library Custometest - -*** Test Cases *** -ProxyPolicy-insert-SSL-js-00001 - [Tags] insert SSL - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sogou.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - ${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00001.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://wap.sogou.com/ - ${stringlist} Create List RQ_SCRIPT - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com - -ProxyPolicy-insert-SSL-css-00002 - [Tags] insert - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_Subid_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou.co"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SUV="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":293,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":293,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00002.bat - ... ELSE set variable curl -kv --cookie "SUV=001417487B769DD85B65253149725433; SMYUV=1533629990235795; SUID=B30E65757C20940A000000005B6AF061;" --referer 'http://www.baidu.com/' https://wap.sogou.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com - -ProxyPolicy-insert-SSL-js-00003 - [Tags] insert - #apk - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*acebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["aceboo"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - ${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SC_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00003.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.facebook.com/ - ${stringlist} Create List RQ_SCRIPT - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com - -ProxyPolicy-insert-SSL-css-00004 - [Tags] insert - #html - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_Subid_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*facebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["datr="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00004.bat - ... ELSE set variable curl -kv --cookie "fr=1yqofX6H5I9WihUHa..BegZGb.Ys.AAA.0.0.BegZGb.AWVMft0q; sb=m5GBXgM_o5OnaHBUE8Rrh3tM; datr=m5GBXjkoNsYzxI4ZBI3bAOYw; wd=2058x468" --referer 'http://www.baidu.com/' https://www.facebook.com/ - ${stringlist} Create List RQ_SCRIPT - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com - -ProxyPolicy-insert-SSL-js-00005 - [Tags] insert - #apk - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象FQDN - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*akon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - ${objectids} set Variable ${object_FQDN_Id} - #创建对象 URL - ${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - #创建对象 UA - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_UA_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建对象 SC - #${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_SC_Id} - #${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00005.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zakon.kz/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz - -ProxyPolicy-insert-SSL-css-00006 - [Tags] insert - #html - #创建对象SubID - #${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_Subid_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 Category - ${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.zakon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Cat_Id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id} - ${objectids} set Variable ${object_Cat_Id} - #创建对象URL - ${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_URL_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id} - #创建对象CK - ${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["auc="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CK_id} - #${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id} - #创建对象CT - ${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id} - #创建 拦截策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ${rescode} ${policyId1} AddPolicy ${addPolicyStr} - ${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - #创建管控策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - log ${policyId2} - ${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} - ${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyIds1} ${policyIds2} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00006.bat - ... ELSE set variable curl -kv --cookie "__auc=872f19501711ae0020cae00e8d8; _ym_d=1585293823; _ym_uid=15852938231061175569; _ga=GA1.2.1046919061.1585293826; __gads=ID=1b694b3cc49e99df:T=1585293826:S=ALNI_MZIjruz8AFwPRVc6EuwOUp6UG2wyg; _zero_cc=z5e7daa056eb62; tmr_lvid=212dae53346bc4dd7232880a9834c5ac; tmr_lvidTS=1585293841169; GN_USER_ID_KEY=b8fa7cfc-aa09-4bf0-9312-e83d0a3e5448; tmr_reqNum=4; rel_val=600000; __asc=ea27801f1712a24de07f712cb52; _zero_ss=5e8192a7c0fff.1585549991.1585549991.1; _gid=GA1.2.1300673287.1585549992; _gat_gtag_UA_19108819_1=1" --referer 'http://www.baidu.com/' https://www.zakon.kz/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz diff --git a/01-TestCase/tsg_adc/api_proxy/RedirectHttpTests.robot b/01-TestCase/tsg_adc/api_proxy/RedirectHttpTests.robot deleted file mode 100644 index 8ad4a8e..0000000 --- a/01-TestCase/tsg_adc/api_proxy/RedirectHttpTests.robot +++ /dev/null @@ -1,166 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy #Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/PolicyObjectDefault.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-Redirect-http-00002 - [Tags] Redirect IP+cat+url+请求UA+应答CT - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #新界面提交内容 {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":8718,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8720,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2]}} - #修改前备份${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP","protocol_version":{"allow_http2":0, "min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0, "protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through", "approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}]} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}]} - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat - #${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html - #${stringlist} Create List 业务申请 - ${stringlist} Create List Host: www.ccb.com 302 Found Location: https://www.jd.com/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ccb.com - -ProxyPolicy-Redirect-http-00003 - [Tags] Redirect IP+cat+url+请求CK+应答SK验证 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-http-00003-SecurityPolicy", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-http-00003-SecurityPolicy", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建ck对象 - ${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id} - #创建SK对象 - ${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat - #${commandstr} set variable curl -kv --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat - ... ELSE set variable curl -kv --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com - #${stringlist} Create List 手机小猪 - ${stringlist} Create List Host: www.xiaozhu.com Referer: http://www.baidu.com/ 301 Moved Permanently Location: https://open.douyin.com/platform - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com - -ProxyPolicy-Redirect-http-00006 - [Tags] Redirect fqdn+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat - #${commandstr} set variable curl -kv http://www.xiaozhu.com/#ongo/ - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat - ... ELSE set variable curl -kv http://www.xiaozhu.com/#ongo/ - #@{stringlist} set variable 短信快捷登录 html - ${stringlist} Create List Host: www.xiaozhu.com 302 Found Location: https://www.toutiao.com/ch/news_hot/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.xiaozhu.com diff --git a/01-TestCase/tsg_adc/api_proxy/RedirectSSLTests.robot b/01-TestCase/tsg_adc/api_proxy/RedirectSSLTests.robot deleted file mode 100644 index 2bbc5f9..0000000 --- a/01-TestCase/tsg_adc/api_proxy/RedirectSSLTests.robot +++ /dev/null @@ -1,437 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-Redirect-ssl-00001 - [Tags] Redirect IP+FQDN+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*lianjia.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"policyDesc":"${Default_PolicyDesc} ","effectiveRange":{"tag_sets":[[{"tag":"Location","value":["Almaty"],"ids":[2]},{"tag":"ISP","value":["transtel","tnsplus"],"ids":[5,6]}],[{"tag":"Location","value":["Nursurtan"],"ids":[3]},{"tag":"ISP","value":["ktel-mask","ktel-bng","ktel-mxpe"],"ids":[7,8,9]}]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":8718,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8716,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8719,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":8742,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[7],"appObjectIdArray":[3]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ershoufang" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat - #${commandstr} set variable curl -kv https://bj.lianjia.com/ershoufang/ - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat - ... ELSE set variable curl -kv https://bj.lianjia.com/ershoufang/ - ${stringlist} Create List Tango Secure Gateway CA Host: bj.lianjia.com 302 Found Location: https://www.bytedance.com/zh - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host lianjia.com - -ProxyPolicy-Redirect-ssl-00004 - [Tags] Redirect IP+FQDN+请求body selfserver - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建body对象 - ${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "123456" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00004.bat - #${commandstr} set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00004.bat - ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action - ${stringlist} Create List Tango Secure Gateway CA Host: open.node.com 301 Moved Permanently Location: http://live.gushidaoshi.com/rank - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com - -ProxyPolicy-Redirect-ssl-00005 - [Tags] Redirect ip+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat - #${commandstr} set variable curl -kv https://www.toutiao.com/ch/news_hot/ - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat - ... ELSE set variable curl -kv https://www.toutiao.com/ch/news_hot/ - ${stringlist} Create List Tango Secure Gateway CA Host: www.toutiao.com 302 Found Location: http://video.cnfol.com/wptzj/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.toutiao.com - -ProxyPolicy-Redirect-ssl-00007 - [Tags] Redirect 请求UA+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat - #${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.gamersky.com/news/ - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.gamersky.com/news/ - ${stringlist} Create List Tango Secure Gateway CA Host: www.gamersky.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 301 Moved Permanently Location: http://video.cnfol.com/wptzj/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.gamersky.com - -ProxyPolicy-Redirect-ssl-00008 - [Tags] Redirect 应答CT+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*nationalbank.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "nationalbank" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat - #${commandstr} set variable curl -kv https://nationalbank.kz/ - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat - ... ELSE set variable curl -kv https://nationalbank.kz/ - ${stringlist} Create List Tango Secure Gateway CA Host: nationalbank.kz 302 Found Location: https://open.douyin.com/platform/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host nationalbank.kz - -ProxyPolicy-Redirect-ssl-00009 - [Tags] Redirect 请求body+url selfserver - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建body对象 - ${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "123456" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00009.bat - #${commandstr} set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00009.bat - ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action - ${stringlist} Create List Tango Secure Gateway CA Host: open.node.com 301 Moved Permanently Location: https://open.douyin.com/platform/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com - -ProxyPolicy-Redirect-ssl-00010 - [Tags] Redirect IP+cat+url+请求UA+应答CT(英文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*twitch.tv" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "directory" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建UA对象 - ${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id} - #创建CT对象 - ${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat - #${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.twitch.tv/directory - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat - ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.twitch.tv/directory - ${stringlist} Create List Tango Secure Gateway CA Host: www.twitch.tv User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 302 Found Location: https://vk.com/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host twitch.tv - -ProxyPolicy-Redirect-ssl-00011 - [Tags] Redirect IP+FQDN+url(俄文) - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.zakon.kz/top_news/" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.nur.kz/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.nur.kz/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00011.bat - #${commandstr} set variable curl -kv https://www.zakon.kz/top_news/ - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00011.bat - ... ELSE set variable curl -kv https://www.zakon.kz/top_news/ - ${stringlist} Create List Tango Secure Gateway CA Host: www.zakon.kz 301 Moved Permanently Location: https://www.nur.kz/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host zakon.kz - -ProxyPolicy-Redirect-ssl-00012 - [Tags] Redirect selfserver 请求body(俄文)+url - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建安全策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建body对象 - ${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "рускйсекс" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id} - #创建管控策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - #${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00012.bat - #${commandstr} set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=рускйсекс&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00012.bat - ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=рускйсекс&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action - ${stringlist} Create List Tango Secure Gateway CA Host: open.node.com 302 Found Location: https://open.douyin.com/platform/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com diff --git a/01-TestCase/tsg_adc/api_proxy/ReplaceHttpTests.robot b/01-TestCase/tsg_adc/api_proxy/ReplaceHttpTests.robot deleted file mode 100644 index ef46096..0000000 --- a/01-TestCase/tsg_adc/api_proxy/ReplaceHttpTests.robot +++ /dev/null @@ -1,164 +0,0 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Proxy_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../03-Variable/AllFlowCaseVariable.txt - -*** Variables *** -${PolicyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -ProxyPolicy-Replace-http-00001 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*zhu.com","subObjectIds":[],"addItemList":[{"keywordArray":["*zhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - #创建安全策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_xiaozhu.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["xiaozhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"fangzi","replace_with":"mao"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"fangzi","replace_with":"mao"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00001.bat - ... ELSE set variable curl -kv http://sz.xiaozhu.com/fangzi/6257935516.html - ${stringlist} Create List mao - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com - - -ProxyPolicy-Replace-http-00002 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00002_fqdn","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ya.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - #创建安全策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00002","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00002","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_ly.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["ya.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"天涯","replace_with":"海角"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"天涯","replace_with":"海角"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00002.bat - ... ELSE set variable curl -kv http://www.tianya.cn/ - ${stringlist} Create List 海角 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host tianya.cn - - -ProxyPolicy-Replace-http-00003 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*cn.com","subObjectIds":[],"addItemList":[{"keywordArray":["*cn.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - #创建安全策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_miercn.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["miercn.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_header","find":"a","replace_with":"b"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_header","find":"a","replace_with":"b"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00003.bat - ... ELSE set variable curl -kv http://military.miercn.com/ - ${stringlist} Create List b - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host miercn.com - -ProxyPolicy-Replace-http-00004 - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*room.com","subObjectIds":[],"addItemList":[{"keywordArray":["*room.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_FQDN_Id} - #创建安全策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}} - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除安全策略 - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - ${policyIds} Create List ${policyId1} - #创建管控对象url - ${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_ziroom.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["ziroom.com/life"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建管控策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_header","find":"UTF-8","replace_with":"utf-8"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_header","find":"UTF-8","replace_with":"utf-8"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} - ${rescode} ${policyId3} AddPolicy ${addPolicyStr} - log ${policyId3} - ${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} - #删除所有策略 - ${policyIds} Create List ${policyId1} ${policyId2} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00004.bat - ... ELSE set variable curl -kv http://www.ziroom.com/life/index - ${stringlist} Create List utf-8 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId3} - GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ziroom.com diff --git a/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot b/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot index 9367715..53225aa 100644 --- a/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot @@ -40,12 +40,11 @@ SecurityPolicy-Allow-DNS-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "103"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "32"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -73,6 +72,6 @@ SecurityPolicy-Allow-DNS-00001 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname www.facebook.com + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot b/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot index d482d10..ec7af0d 100644 --- a/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot @@ -2,7 +2,8 @@ Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} Force Tags tsg_adc tsg_security Library OperatingSystem -Library Selenium2Library +Library Selenium2Library +Library Custometest Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot @@ -12,7 +13,7 @@ Resource ../../../03-Variable/ApplicationID.txt Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot -Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} @@ -40,12 +41,11 @@ SecurityPolicy-Allow-FTP-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -65,12 +65,12 @@ SecurityPolicy-Allow-FTP-00001 Comment 功能端验证 ${FTP} FTP_login ftp://192.168.40.158/wlcsy.txt -u ftpuser:111111 中文文件内容 - run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail - ... ELSE should contain ${FTP} Fail + run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_success + ... ELSE should contain ${FTP} success Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot b/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot index 6daa49c..b394fa7 100644 --- a/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowHttpTests.robot @@ -39,19 +39,19 @@ SecurityPolicy-Allow-Http-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} ${rescode} ${resData} VerifyPolicies ${verifyList} # 打印检查结果 ${objectid_verify} Set Variable ${objectids} - ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify} # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 log ${objectid_verify} ${testType} Evaluate type($objectid_verify) @@ -103,13 +103,13 @@ SecurityPolicy-Allow-Http-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "www.66rpg.com"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.66rpg.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -149,7 +149,7 @@ SecurityPolicy-Allow-Http-00003 ${objectids} set Variable ${objectId} Comment 创建url - ${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=clintonairport.com/airlines-flights/covid/ isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} @@ -167,13 +167,13 @@ SecurityPolicy-Allow-Http-00003 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -193,8 +193,8 @@ SecurityPolicy-Allow-Http-00003 Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat - ${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID - ... ELSE Create List COVID + ${stringlist} run keyword if '${systemType}'=='Windows' Create List clintonairport.com + ... ELSE Create List clintonairport.com ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 @@ -220,7 +220,7 @@ SecurityPolicy-Allow-Http-00004 ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建url - ${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=clintonairport.com/airlines-flights/covid/ isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} @@ -238,14 +238,14 @@ SecurityPolicy-Allow-Http-00004 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} - ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} diff --git a/01-TestCase/tsg_adc/api_security/AllowMailTests.robot b/01-TestCase/tsg_adc/api_security/AllowMailTests.robot index 834da90..4a6489b 100644 --- a/01-TestCase/tsg_adc/api_security/AllowMailTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowMailTests.robot @@ -13,11 +13,13 @@ Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot Library ../../../04-CustomLibrary/Library/VerifyPolicy.py +Resource ../../../02-Keyword/tsg_common/StmpHandle.robot *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} *** Test Cases *** + SecurityPolicy-Allow-MAIL-00001 [Tags] Allow IP MAIL Comment 创建IP @@ -40,12 +42,11 @@ SecurityPolicy-Allow-MAIL-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "110"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "8004"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -76,12 +77,12 @@ SecurityPolicy-Allow-MAIL-00001 ${邮件正文} Set Variable Простопорно ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail - ... ELSE should contain ${发送邮件返回结果} fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account mail_from_cmd Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot b/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot index 92a8be0..f71adab 100644 --- a/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot @@ -40,12 +40,11 @@ SecurityPolicy-Allow-QUCI-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "119"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "2521"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} diff --git a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot index 6e05cf1..64b45fc 100644 --- a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot @@ -46,13 +46,13 @@ SecurityPolicy-Allow-SSL-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.facebook.com"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.facebook.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -107,12 +107,12 @@ SecurityPolicy-Allow-SSL-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -139,6 +139,6 @@ SecurityPolicy-Allow-SSL-00002 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.facebook.com + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni ssl_cn Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/AllowSipTests.robot b/01-TestCase/tsg_adc/api_security/AllowSipTests.robot index c9c8d83..ae94358 100644 --- a/01-TestCase/tsg_adc/api_security/AllowSipTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowSipTests.robot @@ -38,7 +38,7 @@ SecurityPolicy-Allow-SIP-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -67,7 +67,7 @@ SecurityPolicy-Allow-SIP-00001 # ${s} Convert to String ${policyIds} # ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser # Should Be Equal As Strings ${returnvalue} true -SecurityPolicy-Allow-FTP-00002 +SecurityPolicy-Allow-SIP-00002 [Tags] Allow IP SIP Originator Description Responder Description Comment 创建IP ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 @@ -92,8 +92,8 @@ SecurityPolicy-Allow-FTP-00002 ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} - Comment 创建Deny策略 - ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID} + Comment 创建Allow策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] @@ -104,9 +104,9 @@ SecurityPolicy-Allow-FTP-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"} - ${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${originator} Create Dictionary attributeType=string attributeName=originator appId=182 appName=SIP attributeValue={"string": "test1"} + ${responder} Create Dictionary attributeType=string attributeName=responder appId=182 appName=SIP attributeValue={"string": "test2"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 diff --git a/01-TestCase/tsg_adc/api_security/DenyDNSTests.robot b/01-TestCase/tsg_adc/api_security/DenyDNSTests.robot index c503802..ac33042 100644 --- a/01-TestCase/tsg_adc/api_security/DenyDNSTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenyDNSTests.robot @@ -40,12 +40,12 @@ SecurityPolicy-Deny-DNS-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"103" } - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -73,7 +73,7 @@ SecurityPolicy-Deny-DNS-00001 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname facebook.com + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS SecurityPolicy-Deny-DNS-00002 [Tags] Deny IP DNS QNAME @@ -105,13 +105,13 @@ SecurityPolicy-Deny-DNS-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=103 appName=dns protocol=dns attributeValue={"string": "www.arctictrucks.ru"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"103" } - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "www.arctictrucks.ru"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -171,13 +171,13 @@ SecurityPolicy-Deny-DNS-00003 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=103 appName=dns protocol=dns attributeValue={"string": "aec188.com"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"103" } - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "aec188.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} diff --git a/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot b/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot index 0f262f8..3a8b12d 100644 --- a/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot @@ -1,7 +1,8 @@ *** Settings *** Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} Force Tags tsg_adc tsg_security -Library OperatingSystem +Library OperatingSystem +Library Custometest Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot @@ -11,7 +12,7 @@ Resource ../../../03-Variable/ApplicationID.txt Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot -Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + *** Variables *** ${policyIds} ${EMPTY} @@ -38,7 +39,7 @@ SecurityPolicy-Deny-FTP-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -69,7 +70,7 @@ SecurityPolicy-Deny-FTP-00001 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP Should Be Equal As Strings ${returnvalue} true SecurityPolicy-Deny-FTP-00002 [Tags] Deny IP FTP Account URI Content @@ -82,7 +83,7 @@ SecurityPolicy-Deny-FTP-00002 Comment 创建Account - ${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} @@ -115,10 +116,10 @@ SecurityPolicy-Deny-FTP-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} - ${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} - ${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} + ${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} + ${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -163,7 +164,7 @@ SecurityPolicy-Deny-FTP-00003 Comment 创建Account - ${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} @@ -182,8 +183,8 @@ SecurityPolicy-Deny-FTP-00003 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -246,8 +247,8 @@ SecurityPolicy-Deny-FTP-00004 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -295,12 +296,12 @@ SecurityPolicy-Deny-FTP-00005 ${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} - ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} - ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Deny策略 - ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID} + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_CONTENT isValid=${1} appIdObjects=${FTP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] @@ -311,8 +312,8 @@ SecurityPolicy-Deny-FTP-00005 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 diff --git a/01-TestCase/tsg_adc/api_security/DenyHttpTests.robot b/01-TestCase/tsg_adc/api_security/DenyHttpTests.robot index 1e5586d..d7e88c0 100644 --- a/01-TestCase/tsg_adc/api_security/DenyHttpTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenyHttpTests.robot @@ -39,12 +39,12 @@ SecurityPolicy-Deny-HTTP-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -72,7 +72,7 @@ SecurityPolicy-Deny-HTTP-00001 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.lkong.net + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host HTTP Should Be Equal As Strings ${returnvalue} true SecurityPolicy-Deny-HTTP-00002 @@ -103,13 +103,13 @@ SecurityPolicy-Deny-HTTP-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "bellaircraftmuseum.org"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "bellaircraftmuseum.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -152,8 +152,8 @@ SecurityPolicy-Deny-HTTP-00003 ${objectids} set Variable ${objectId} Comment 创建url - ${addItemList1} Create Dictionary keywordArray=*/news/ isHexbin=${0} - ${addItemList2} Create Dictionary keywordArray=$www.icbc.com.cn/ isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=news isHexbin=${0} + ${addItemList2} Create Dictionary keywordArray=www.icbc.com.cn isHexbin=${0} ${addItemList3} Create Dictionary keywordArray=www.gotohoroscope* isHexbin=${0} ${addItemList4} Create Dictionary keywordArray=indexv isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} ${addItemList4} @@ -178,13 +178,13 @@ SecurityPolicy-Deny-HTTP-00003 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "www.icbc.com.cn/"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.icbc.com.cn/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -267,13 +267,13 @@ SecurityPolicy-Deny-HTTP-00004 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${req_hdr_ua} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -332,13 +332,13 @@ SecurityPolicy-Deny-HTTP-00005 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "utf-8aabnna","district": "Content-Type"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "utf-8","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_hdr_ct} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -396,13 +396,13 @@ SecurityPolicy-Deny-HTTP-00006 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "ipp_uid2","district": "Cookie"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "ipp_uid2","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${req_hdr_ck} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -442,14 +442,14 @@ SecurityPolicy-Deny-HTTP-00007 ${objectids} set Variable ${objectId} Comment Set-Cookie - ${addItemList1} Create Dictionary keywordArray=CURRENT_CITY_CODE* isHexbin=${0} district=Set-Cookie + ${addItemList1} Create Dictionary keywordArray=ASP.NET isHexbin=${0} district=Set-Cookie ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建Deny策略 - ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP","method":"drop"} filterList=${objectId}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${policyIds} set Variable ${policyId}[0][policyIds][0] @@ -460,13 +460,13 @@ SecurityPolicy-Deny-HTTP-00007 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "CURRENT_CITY_CODE","district": "Set-Cookie"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "ASP.NET","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_hdr_sc} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -484,8 +484,8 @@ SecurityPolicy-Deny-HTTP-00007 Should Be Equal As Strings ${ok} true Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00013.bat - ... ELSE set variable curl --connect-timeout 5 -m 10 www.ziroom.com/life/index -o /dev/null + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00013_1.bat + ... ELSE set variable curl --connect-timeout 5 -m 10 blog.cnstock.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List 000 ... ELSE Create List timed out ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -494,7 +494,7 @@ SecurityPolicy-Deny-HTTP-00007 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.ziroom.com + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host blog.cnstock.com SecurityPolicy-Deny-HTTP-00008 [Tags] Deny IP HTTP Request Content @@ -524,13 +524,13 @@ SecurityPolicy-Deny-HTTP-00008 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=106 appName=http protocol=http attributeValue={"string": "testDenyHttp0014"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testDenyHttp0014"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_body} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_body} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -550,8 +550,8 @@ SecurityPolicy-Deny-HTTP-00008 Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00014.bat ... ELSE set variable curl -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"testDenyHttp0014","setcook":"12345678","contenttype": "content-type","responsebody": "testDenyHttp0014"}" http://open.node.com:180/go - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset - ... ELSE Create List Connection reset by peer + ${stringlist} run keyword if '${systemType}'=='Windows' Create List after + ... ELSE Create List after ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -588,13 +588,13 @@ SecurityPolicy-Deny-HTTP-00009 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=106 appName=http protocol=http attributeValue={"string": "华彤公司"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "华彤公司"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_body} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_body} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -680,17 +680,17 @@ SecurityPolicy-Deny-HTTP-00010 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "open.node.com"} - ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "open.node.com/"} - ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} - ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"} - ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=106 appName=http protocol=http attributeValue={"string": "testDenyHttp0016"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com/"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testDenyHttp0016"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -737,7 +737,7 @@ SecurityPolicy-Deny-HTTP-00011 ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} Comment 创建url - ${addItemList1} Create Dictionary keywordArray=*send-free-sms.aspx isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=send-free-sms.aspx isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} @@ -776,17 +776,17 @@ SecurityPolicy-Deny-HTTP-00011 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${fqdn} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "smspunch.net"} - ${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "smspunch.net/send-free-sms.aspx"} - ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "_ym_isad=2","district": "Cookie"} - ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "NET_SessionId","district": "Set-Cookie"} - ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=106 appName=http protocol=http attributeValue={"string": "Cell No"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net/send-free-sms.aspx"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "_ym_isad=2","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "NET_SessionId","district": "Set-Cookie"} + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "Cell No"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url} ${req_hdr_ck} ${res_hdr_sc} ${res_body} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} diff --git a/01-TestCase/tsg_adc/api_security/DenyMailTests.robot b/01-TestCase/tsg_adc/api_security/DenyMailTests.robot index 874b2eb..28b6b43 100644 --- a/01-TestCase/tsg_adc/api_security/DenyMailTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenyMailTests.robot @@ -12,6 +12,7 @@ Resource ../../../03-Variable/BifangApiVariable.txt Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot Library ../../../04-CustomLibrary/Library/VerifyPolicy.py +Resource ../../../02-Keyword/tsg_common/StmpHandle.robot *** Variables *** ${policyIds} ${EMPTY} @@ -82,18 +83,18 @@ SecurityPolicy-Deny-Mail-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=110 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} - ${content_id} Create Dictionary attributeType=string attributeName=content appId=110 appName=mail protocol=mail attributeValue={"string": "good"} - ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=110 appName=mail protocol=mail attributeValue={"string": "Простопорно"} - ${account_id} Create Dictionary attributeType=string attributeName=account appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} - ${from_id} Create Dictionary attributeType=string attributeName=from appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} - ${to_id} Create Dictionary attributeType=string attributeName=to appId=110 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} + ${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"} + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"} + ${account_id} Create Dictionary attributeType=string attributeName=account appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${account_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${account_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -125,7 +126,7 @@ SecurityPolicy-Deny-Mail-00001 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -198,18 +199,18 @@ SecurityPolicy-Deny-Mail-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=110 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} - ${content_id} Create Dictionary attributeType=string attributeName=content appId=110 appName=mail protocol=mail attributeValue={"string": "good"} - ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=110 appName=mail protocol=mail attributeValue={"string": "Простопорно"} - ${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=110 appName=mail protocol=mail attributeValue={"string": "测试文件"} - ${from_id} Create Dictionary attributeType=string attributeName=from appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} - ${to_id} Create Dictionary attributeType=string attributeName=to appId=110 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} + ${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"} + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"} + ${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=8004 appName=mail protocol=mail attributeValue={"string": "测试文件"} + ${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${att_name_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${att_name_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -241,7 +242,7 @@ SecurityPolicy-Deny-Mail-00002 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -279,13 +280,13 @@ SecurityPolicy-Deny-Mail-00003 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=110 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${subject_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -317,7 +318,7 @@ SecurityPolicy-Deny-Mail-00003 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -355,13 +356,13 @@ SecurityPolicy-Deny-Mail-00004 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${content_id} Create Dictionary attributeType=string attributeName=content appId=110 appName=mail protocol=mail attributeValue={"string": "good"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${content_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${content_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -393,7 +394,7 @@ SecurityPolicy-Deny-Mail-00004 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -411,7 +412,7 @@ SecurityPolicy-Deny-Mail-00005 Comment 创建ATT_NAME - ${addItemList1} Create Dictionary keywordArray=测试文件 isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=.txt isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId1} AddObjects ${1} ${objectDict} @@ -430,13 +431,13 @@ SecurityPolicy-Deny-Mail-00005 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=110 appName=mail protocol=mail attributeValue={"string": "测试文件"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=8004 appName=mail protocol=mail attributeValue={"string": "测试文件.txt"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_name_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${att_name_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -468,14 +469,14 @@ SecurityPolicy-Deny-Mail-00005 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} - + SecurityPolicy-Deny-Mail-00006 [Tags] Deny IP MAIL ATT_CONT @@ -506,13 +507,13 @@ SecurityPolicy-Deny-Mail-00006 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=110 appName=mail protocol=mail attributeValue={"string": "Простопорно"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${att_content_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -544,7 +545,7 @@ SecurityPolicy-Deny-Mail-00006 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -582,13 +583,13 @@ SecurityPolicy-Deny-Mail-00007 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${from_id} Create Dictionary attributeType=string attributeName=from appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${from_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${from_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -620,7 +621,7 @@ SecurityPolicy-Deny-Mail-00007 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -657,13 +658,13 @@ SecurityPolicy-Deny-Mail-00008 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${to_id} Create Dictionary attributeType=string attributeName=to appId=110 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${to_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${to_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -695,7 +696,7 @@ SecurityPolicy-Deny-Mail-00008 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -732,13 +733,13 @@ SecurityPolicy-Deny-Mail-00009 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${account_id} Create Dictionary attributeType=string attributeName=account appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${account_id} Create Dictionary attributeType=string attributeName=account appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account_id} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${account_id} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -770,7 +771,7 @@ SecurityPolicy-Deny-Mail-00009 ${邮件正文} Set Variable good ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail ... ELSE should contain ${发送邮件返回结果} fail Comment 日志验证 @@ -779,70 +780,70 @@ SecurityPolicy-Deny-Mail-00009 ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} -SecurityPolicy-Deny-Mail-00010 - [Tags] Deny IP MAIL - Comment 创建IP - ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 - ${addItemLists} Create list ${addItemList1} - ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} - ${rescode} ${objectId} AddObjects ${1} ${objectDict} - ${objectids} set Variable ${objectId} +# SecurityPolicy-Deny-Mail-00010 + # [Tags] Deny IP MAIL + # Comment 创建IP + # ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + # ${addItemLists} Create list ${addItemList1} + # ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + # ${rescode} ${objectId} AddObjects ${1} ${objectDict} + # ${objectids} set Variable ${objectId} - Comment 创建Deny策略 - ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL","method":"rst"} isValid=${1} appIdObjects=${MAIL_ID} - ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 - ${policyIds} set Variable ${policyId}[0][policyIds][0] + # Comment 创建Deny策略 + # ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL","method":"rst"} isValid=${1} appIdObjects=${MAIL_ID} + # ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + # ${policyIds} set Variable ${policyId}[0][policyIds][0] - ${starttime} Get Time - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s + # ${starttime} Get Time + # #功能端验证 + # Sleep ${policyVerificationSleepSeconds}s - Comment 策略验证 - #新增策略验证 - #创建attributes中的字典 - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} - ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} - ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"} - # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} - ${verifySession} Create Dictionary attributes=${attributes} - ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} - log ${verifyList} - ${rescode} ${resData} VerifyPolicies ${verifyList} - # 打印检查结果 - ${objectid_verify} Set Variable ${objectids} - ${objectid_verify} Catenate SEPARATOR=, ${policyIds} - # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 - log ${objectid_verify} - ${testType} Evaluate type($objectid_verify) - ${testType} Evaluate type($resData) - log ${resData} - sleep 5 - ${ok} VerifyProxy ${resData} ${objectid_verify} - Should Be Equal As Strings ${ok} true + # Comment 策略验证 + # #新增策略验证 + # #创建attributes中的字典 + + # ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + # ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # # 合成attributes字典集 + # ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + # ${verifySession} Create Dictionary attributes=${attributes} + # ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + # log ${verifyList} + # ${rescode} ${resData} VerifyPolicies ${verifyList} + # # 打印检查结果 + # ${objectid_verify} Set Variable ${objectids} + # ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + # log ${objectid_verify} + # ${testType} Evaluate type($objectid_verify) + # ${testType} Evaluate type($resData) + # log ${resData} + # sleep 5 + # ${ok} VerifyProxy ${resData} ${objectid_verify} + # Should Be Equal As Strings ${ok} true - Comment 功能端验证 - ${Smtp服务器} Set Variable Smtp.163.com - ${Smtp服务器端口} Set Variable 25 - ${邮箱账号} Set Variable ${mailAccount163Dxy} - ${邮箱密码} Set Variable ${mailPasswordDxy} - ${邮件主题} Set Variable 人生路远及时行乐 - ${发送者} Set Variable ${mailAccount163Dxy} - ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] - ${接收者} Set Variable ["${mailAccount163Lyf}"] - ${抄送者} Set Variable ["${mailAccount163Lyf}"] - ${密送者} Set Variable ["${mailAccount163Lyf}"] - ${邮件正文} Set Variable good - ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} - Log ${发送邮件返回结果} - run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail - ... ELSE should contain ${发送邮件返回结果} fail + # Comment 功能端验证 + # ${Smtp服务器} Set Variable Smtp.163.com + # ${Smtp服务器端口} Set Variable 25 + # ${邮箱账号} Set Variable ${mailAccount163Dxy} + # ${邮箱密码} Set Variable ${mailPasswordDxy} + # ${邮件主题} Set Variable 人生路远及时行乐 + # ${发送者} Set Variable ${mailAccount163Dxy} + # ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + # ${接收者} Set Variable ["${mailAccount163Lyf}"] + # ${抄送者} Set Variable ["${mailAccount163Lyf}"] + # ${密送者} Set Variable ["${mailAccount163Lyf}"] + # ${邮件正文} Set Variable good + # ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + # Log ${发送邮件返回结果} + # run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail + # ... ELSE should contain ${发送邮件返回结果} fail - Comment 日志验证 - #日志验证 - ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + # Comment 日志验证 + # #日志验证 + # ${s} Convert to String ${policyIds} + # ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account mail_from_cmd \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot b/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot index 3be5cc6..d716f87 100644 --- a/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot @@ -40,12 +40,12 @@ SecurityPolicy-Deny-QUCI-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "119"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "2521"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} diff --git a/01-TestCase/tsg_adc/api_security/DenySSLTests.robot b/01-TestCase/tsg_adc/api_security/DenySSLTests.robot index 9167b61..26285b1 100644 --- a/01-TestCase/tsg_adc/api_security/DenySSLTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenySSLTests.robot @@ -60,15 +60,15 @@ SecurityPolicy-Deny-SSL-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} - ${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} - ${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} + ${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} + ${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} ${cn} ${san} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${cn} ${san} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -127,13 +127,13 @@ SecurityPolicy-Deny-SSL-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -193,13 +193,13 @@ SecurityPolicy-Deny-SSL-00003 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${cn} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${cn} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -240,7 +240,7 @@ SecurityPolicy-Deny-SSL-00004 ${objectids} set Variable ${objectId} Comment 创建SAN - ${addItemList1} Create Dictionary keywordArray=*austinama.org isHexbin=${0} + ${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0} ${addItemLists} Create list ${addItemList1} ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} @@ -258,13 +258,13 @@ SecurityPolicy-Deny-SSL-00004 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "austinama.org"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "prlib.ru"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${san} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${san} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -283,17 +283,18 @@ SecurityPolicy-Deny-SSL-00004 Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat - ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat - ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out ... ELSE Create List timed out ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru Should Be Equal As Strings ${returnvalue} true + SecurityPolicy-Deny-SSL-00005 [Tags] Deny IP SSL @@ -317,12 +318,12 @@ SecurityPolicy-Deny-SSL-00005 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"} - ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} # 合成attributes字典集 - ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${verifySession} Create Dictionary attributes=${attributes} ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} log ${verifyList} @@ -350,5 +351,5 @@ SecurityPolicy-Deny-SSL-00005 Comment 日志验证 #日志验证 ${s} Convert to String ${policyIds} - ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/DenySipTests.robot b/01-TestCase/tsg_adc/api_security/DenySipTests.robot index 555e3ab..1e4ab36 100644 --- a/01-TestCase/tsg_adc/api_security/DenySipTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenySipTests.robot @@ -38,7 +38,7 @@ SecurityPolicy-Deny-SIP-00001 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -104,9 +104,9 @@ SecurityPolicy-Deny-FTP-00002 Comment 策略验证 #新增策略验证 #创建attributes中的字典 - ${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"} - ${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${originator} Create Dictionary attributeType=string attributeName=originator appId=182 appName=SIP attributeValue={"string": "test1"} + ${responder} Create Dictionary attributeType=string attributeName=responder appId=182 appName=SIP attributeValue={"string": "test2"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 diff --git a/01-TestCase/tsg_adc/api_security/Intercept_SSL_Decryption_Tests.robot b/01-TestCase/tsg_adc/api_security/Intercept_SSL_Decryption_Tests.robot index 634d146..afbe6e8 100644 --- a/01-TestCase/tsg_adc/api_security/Intercept_SSL_Decryption_Tests.robot +++ b/01-TestCase/tsg_adc/api_security/Intercept_SSL_Decryption_Tests.robot @@ -1,761 +1,864 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot -Resource ../../../03-Variable/AllFlowCaseVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} -${url} /v1/policy/profile/decryption -${profileId} ${EMPTY} - -*** Test Cases *** -Intercept_SSL_Decryption-00001 - [Tags] intercpt-服务器证书校验开关关闭 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat - ... ELSE set variable curl -kv https://wrong.host.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat - ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat - ... ELSE set variable curl -kv https://self-signed.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat - ... ELSE set variable curl -kv https://expired.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com - -Intercept_SSL_Decryption-00002 - [Tags] 拦截intercpt-服务器证书校验打开-failclose - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat - ... ELSE set variable curl -kv https://wrong.host.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat - ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat - ... ELSE set variable curl -kv https://self-signed.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat - ... ELSE set variable curl -kv https://expired.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com - -Intercept_SSL_Decryption-00003 - [Tags] 拦截intercpt-服务器证书校验打开-pass-through - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat - ... ELSE set variable curl -kv https://wrong.host.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat - ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat - ... ELSE set variable curl -kv https://self-signed.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat - ... ELSE set variable curl -kv https://expired.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni expired.badssl.com - -Intercept_SSL_Decryption-00004 - [Tags] intercpt-EV关闭 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*myssl.com,*myssl.cn - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat - ... ELSE set variable curl -kv https://myssl.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat - ... ELSE set variable curl -kv https://www.myssl.cn - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn - -Intercept_SSL_Decryption-00005 - [Tags] intercpt-EV开启 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*myssl.com,*myssl.cn - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat - ... ELSE set variable curl -kv https://myssl.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat - ... ELSE set variable curl -kv https://www.myssl.cn - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn - -Intercept_SSL_Decryption-00006 - [Tags] 拦截intercpt-CT关闭 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*jd.com,*mail.ru - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat - ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat - ... ELSE set variable curl -kv https://www.vip.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat - ... ELSE set variable curl -kv https://mail.ru/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mail.ru - -Intercept_SSL_Decryption-00007 - [Tags] 拦截intercpt-CT开启 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":1,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*jd.com,*mail.ru - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat - ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable GlobalSign RSA OV SSL CA 2018 - ... ELSE set variable GlobalSign RSA OV SSL CA 2018 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat - ... ELSE set variable curl -kv https://www.vip.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Secure Site Pro CA G2 - ... ELSE set variable Secure Site Pro CA G2 - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat - ... ELSE set variable curl -kv https://mail.ru/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mail.ru - -Intercept_SSL_Decryption-00008 - [Tags] 拦截intercpt-MA关闭 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat - ... ELSE set variable curl -kv https://client.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com - -Intercept_SSL_Decryption-00009 - [Tags] 拦截intercpt-MA开启 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*badssl.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat - ... ELSE set variable curl -kv https://client.badssl.com/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable DigiCert SHA2 Secure Server CA - ... ELSE set variable DigiCert SHA2 Secure Server CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com - -Intercept_SSL_Decryption-00010 - [Tags] 拦截intercpt-协议版本-SSL3 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*ya.ru,*yandex.ru - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00010 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat - ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_11.bat - ... ELSE set variable curl -kv https://ya.ru - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni ya.ru - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_12.bat - ... ELSE set variable curl -kv https://yandex.ru - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni yandex.ru - -Intercept_SSL_Decryption-00011 - [Tags] 拦截intercpt-协议版本-TLS1.0 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"tls10","max":"tls10","mirror_client":0,"allow_http2":0} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*github.com,*jd.com,*mi.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00011 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat - ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat - ... ELSE set variable curl -kv https://github.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat - ... ELSE set variable curl -kv https:///www.mi.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat - ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com - -Intercept_SSL_Decryption-00012 - [Tags] 拦截intercpt-协议版本-TLS1.1 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"tls11","max":"tls11","mirror_client":0,"allow_http2":0} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*newdaynews.ru,*github.com,*jd.com,*mi.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00012 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat - ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni newdaynews.ru - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat - ... ELSE set variable curl -kv https://github.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat - ... ELSE set variable curl -kv https:///www.mi.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat - ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com - -Intercept_SSL_Decryption-00013 - [Tags] 拦截intercpt-协议版本-TLS1.2 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"tls12","max":"tls12","mirror_client":0,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*jd.com,*taobao.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00013 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat - ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni coll.jd.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat - ... ELSE set variable curl -kv https://www.taobao.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni taobao.com - -Intercept_SSL_Decryption-00014 - [Tags] 拦截intercpt-协议版本-TLS1.3 - Comment 创建Decryption Profile - ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} - ${protocol_version} set variable "protocol_version":{"min":"tls13","max":"tls13","mirror_client":0,"allow_http2":1} - ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} - ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - ${response} CreatePolicyFileNoFile ${url} ${data} - ${profiledId} Get From Dictionary ${response} profileId - Comment 创建fqdn - ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*vip.com,*github.com,*halfrost.com,*mi.com - ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} - ${objectids} set Variable ${object_fqdn_Id} - Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00014 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3 - ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat - ... ELSE set variable curl -kv https://www.vip.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni vip.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL012.bat - ... ELSE set variable curl -kv https://halfrost.com/tls1-3_start/ - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni halfrost.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat - ... ELSE set variable curl -kv https:///www.mi.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Connection was reset - ... ELSE set variable Connection reset by peer - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni mi.com - Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat - ... ELSE set variable curl -kv https://github.com - ${stringlist} run keyword if '${systemType}'=='Windows' set variable Tango Secure Gateway CA - ... ELSE set variable Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni github.com +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} url=${url} profiledId=${profiledId} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py +Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /v1/policy/profile/decryption +${profiledId} ${EMPTY} + +*** Test Cases *** + +Intercept_SSL_Decryption-00001 + [Tags] intercpt-服务器证书校验开关关闭 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat + ... ELSE set variable curl -kv https://wrong.host.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com + Should Be Equal As Strings ${returnvalue} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat + ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat + ... ELSE set variable curl -kv https://self-signed.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat + ... ELSE set variable curl -kv https://expired.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + +Intercept_SSL_Decryption-00002 + [Tags] 拦截intercpt-服务器证书校验打开-failclose + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat + ... ELSE set variable curl -kv https://wrong.host.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to + ... ELSE Create List SSL_ERROR_SYSCALL in connection to + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com + Should Be Equal As Strings ${returnvalue} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat + ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to + ... ELSE Create List SSL_ERROR_SYSCALL in connection to + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat + ... ELSE set variable curl -kv https://self-signed.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to + ... ELSE Create List SSL_ERROR_SYSCALL in connection to + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat + ... ELSE set variable curl -kv https://expired.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List SSL_ERROR_SYSCALL in connection to + ... ELSE Create List SSL_ERROR_SYSCALL in connection to + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com + Should Be Equal As Strings ${returnvalue} true + + +Intercept_SSL_Decryption-00003 + [Tags] 拦截intercpt-服务器证书校验打开-pass-through + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005.bat + ... ELSE set variable curl -kv https://wrong.host.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni wrong.host.badssl.com + Should Be Equal As Strings ${returnvalue} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006.bat + ... ELSE set variable curl -kv https://untrusted-root.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni untrusted-root.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat + ... ELSE set variable curl -kv https://self-signed.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat + ... ELSE set variable curl -kv https://expired.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni expired.badssl.com + Should Be Equal As Strings ${returnvalue} true + +Intercept_SSL_Decryption-00004 + [Tags] intercpt-EV关闭 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*myssl.cn isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat + ... ELSE set variable curl -kv https://www.myssl.cn + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni myssl.cn + Should Be Equal As Strings ${returnvalue} true + + +Intercept_SSL_Decryption-00005 + [Tags] intercpt-EV开启 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":1,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*myssl.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat + ... ELSE set variable curl -kv https://myssl.com + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003_004.bat + ... ELSE set variable curl -kv https://myssl.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List TrustAsia EV TLS Pro CA G3 + ... ELSE Create List TrustAsia EV TLS Pro CA G3 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni myssl.com + Should Be Equal As Strings ${returnvalue} true + +Intercept_SSL_Decryption-00006 + [Tags] 拦截intercpt-CT关闭 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*vip.com isHexbin=${0} + ${addItemList2} Create Dictionary keywordArray=*jd.com isHexbin=${0} + ${addItemList3} Create Dictionary keywordArray=*mail.ru isHexbin=${0} + ${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat + ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com + Should Be Equal As Strings ${returnvalue} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat + ... ELSE set variable curl -kv https://www.vip.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.vip.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat + ... ELSE set variable curl -kv https://mail.ru/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mail.ru + Should Be Equal As Strings ${returnvalue} true + + +Intercept_SSL_Decryption-00007 + [Tags] 拦截intercpt-CT开启 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":1,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*vip.com isHexbin=${0} + ${addItemList2} Create Dictionary keywordArray=*jd.com isHexbin=${0} + ${addItemList3} Create Dictionary keywordArray=*mail.ru isHexbin=${0} + ${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat + ... ELSE set variable curl -kv https://coll.jd.com/?e=illegalTopic/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List GlobalSign RSA OV SSL CA 2018 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com + Should Be Equal As Strings ${returnvalue} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat + ... ELSE set variable curl -kv https://www.vip.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Secure Site Pro CA G2 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.vip.com + Should Be Equal As Strings ${returnvalue} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_007.bat + ... ELSE set variable curl -kv https://mail.ru/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mail.ru + Should Be Equal As Strings ${returnvalue} true + + +Intercept_SSL_Decryption-00008 + [Tags] 拦截intercpt-MA关闭 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":0,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*badssl.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat + ... ELSE set variable curl -kv https://client.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni client.badssl.com + Should Be Equal As Strings ${returnvalue} true + + +Intercept_SSL_Decryption-00009 + [Tags] 拦截intercpt-MA开启 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":0,"cert_transparency":0,"protocol_errors":0,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*badssl.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008_9.bat + ... ELSE set variable curl -kv https://client.badssl.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List DigiCert SHA2 Secure Server CA + ... ELSE Create List DigiCert SHA2 Secure Server CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni client.badssl.com + Should Be Equal As Strings ${returnvalue} true + + + +Intercept_SSL_Decryption-00010 + [Tags] 拦截intercpt-协议版本-SSL3 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"ssl3","mirror_client":0,"allow_http2":0} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*newdaynews.ru isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL010_10.bat + ... ELSE set variable curl -kv https://newdaynews.ru/moskow/665390.html/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List newdaynews.ru + ... ELSE Create List newdaynews.ru + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni newdaynews.ru + Should Be Equal As Strings ${returnvalue} true + + + +Intercept_SSL_Decryption-00011 + [Tags] 拦截intercpt-协议版本-TLS1.0 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"tls10","max":"tls10","mirror_client":0,"allow_http2":0} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*github.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011_12.bat + ... ELSE set variable curl -kv https://github.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List github.com + ... ELSE Create List github.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni github.com + Should Be Equal As Strings ${returnvalue} true + + +Intercept_SSL_Decryption-00012 + [Tags] 拦截intercpt-协议版本-TLS1.1 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"tls11","max":"tls11","mirror_client":0,"allow_http2":0} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*jd.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_008.bat + ... ELSE set variable curl -kv https://github.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni coll.jd.com + Should Be Equal As Strings ${returnvalue} true + + + +Intercept_SSL_Decryption-00013 + [Tags] 拦截intercpt-协议版本-TLS1.2 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"tls12","max":"tls12","mirror_client":0,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*taobao.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat + ... ELSE set variable curl -kv https://www.taobao.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni taobao.com + Should Be Equal As Strings ${returnvalue} true + + + +Intercept_SSL_Decryption-00014 + [Tags] 拦截intercpt-协议版本-TLS1.3 + Comment 创建Decryption Profile + ${dynamic_bypass} set variable "dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0,"trusted_root_cert_is_not_installed_on_client":0} + ${protocol_version} set variable "protocol_version":{"min":"tls13","max":"tls13","mirror_client":0,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${data} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileId":"","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${profiledId} Get From Dictionary ${response} profileId + + + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*mi.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":${profiledId},"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat + ... ELSE set variable curl -kv https://www.taobao.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List mi.com + ... ELSE Create List mi.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni mi.com + Should Be Equal As Strings ${returnvalue} true + + \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/InteseptHttpTests.robot b/01-TestCase/tsg_adc/api_security/InteseptHttpTests.robot index 1831620..f6e78e5 100644 --- a/01-TestCase/tsg_adc/api_security/InteseptHttpTests.robot +++ b/01-TestCase/tsg_adc/api_security/InteseptHttpTests.robot @@ -1,102 +1,143 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-Intesept-Http-00001 - [Tags] Intercept http ip+fqdn - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_wenming", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_wenming", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.wenming.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://www.wenming.cn - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run ${commandstr} - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain wenming.cn - -SecurityPolicy-Intesept-Http-00002 - [Tags] Intercept http SUB+CAT - # #创建对象SUB ID - # ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # log ${object_SUB_Id} - # #删除对象 - # ${objectids} set Variable ${object_SUB_Id} - #创建cat - ${rescode} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_newsgd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_newsgd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*newsgd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]}, \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://www.newsgd.com - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run ${commandstr} - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.newsgd.com - -SecurityPolicy-Intesept-Http-00003 - [Tags] Intercept http ip+fqdn - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_pl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_pl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$poplar.ru" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://poplar.ru/ - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run ${commandstr} - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain poplar.ru +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Intesept-Http-00001 + [Tags] Intercept http ip+fqdn + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.yumi.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.yumi.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_HTTP_00001.bat + ... ELSE set variable curl http://www.yumi.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 玉米 + ... ELSE Create List 玉米 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.yumi.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Intesept-Http-00002 + [Tags] Intercept http + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_HTTP_00001.bat + ... ELSE set variable curl http://www.yumi.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 玉米 + ... ELSE Create List 玉米 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host HTTP + Should Be Equal As Strings ${returnvalue} true diff --git a/01-TestCase/tsg_adc/api_security/InteseptSSLTests.robot b/01-TestCase/tsg_adc/api_security/InteseptSSLTests.robot index 9387bb4..1413026 100644 --- a/01-TestCase/tsg_adc/api_security/InteseptSSLTests.robot +++ b/01-TestCase/tsg_adc/api_security/InteseptSSLTests.robot @@ -1,393 +1,144 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-Intesept-Https-00001 - [Tags] Intercept https ip+fqdn - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.youtube.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL001.bat - ... ELSE set variable curl -kv https://www.youtube.com - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.youtube.com - -SecurityPolicy-Intesept-Https-00002 - [Tags] Intercept https SUB+CAT - # #创建对象SUB ID - # ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - # log ${object_SUB_Id} - # #删除对象 - # ${objectids} set Variable ${object_SUB_Id} - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_facebook", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_facebook", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*facebook.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[null]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL002.bat - ... ELSE set Variable curl -kv https://www.facebook.com - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.facebook.com - -SecurityPolicy-Intesept-Https-00003 - [Tags] Intercept https Fail-close - #创建cat - ${rescodeip} ${object_cat_Id} AddObject \ { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_Fail-close", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_Fail-close", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$client.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$expired.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } ,{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$self-signed.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$untrusted-root.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$wrong.host.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }\ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat - ... ELSE set variable curl -kv https://client.badssl.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com - -SecurityPolicy-Intesept-Https-00004 - [Tags] Intercept https Pass-through - #创建cat - ${rescodeip} ${object_cat_Id} AddObject \ { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_Pass-through", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_Pass-through", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$client.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$expired.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } ,{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$self-signed.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$untrusted-root.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$wrong.host.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }\ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat - ... ELSE set variable curl -kv https://self-signed.badssl.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com - -SecurityPolicy-Intesept-Https-00005 - [Tags] Intercept https EV - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_EV_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_EV_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*myssl.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat - ... ELSE set variable curl -kv https://www.myssl.cn/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn - -SecurityPolicy-Intesept-Https-00006 - [Tags] Intercept https CT - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_CT_vip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_CT_vip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat - ... ELSE set variable curl -kv https://www.vip.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com - -SecurityPolicy-Intesept-Https-00007 - [Tags] Intercept https MA - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_MA_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_MA_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*myssl.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat - ... ELSE set variable curl -kv https://www.myssl.cn/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn - -SecurityPolicy-Intesept-Https-00008 - [Tags] Intercept https SSL3.0 - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_ssl3.0_360", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_ssl3.0_360", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*360.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008.bat - ... ELSE set variable curl -kv https://360.cn/ - ${stringlist} Create List ssl3_read_bytes - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni 360.cn - -SecurityPolicy-Intesept-Https-00009 - [Tags] Intercept https TSL1.0 - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.0_mi", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.0_mi", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.mi.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat - ... ELSE set variable curl -kv https://www.mi.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.mi.com - -SecurityPolicy-Intesept-Https-00010 - [Tags] Intercept https TSL1.1 - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.1_vip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.1_vip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat - ... ELSE set variable curl -kv https://www.vip.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com - -SecurityPolicy-Intesept-Https-00011 - [Tags] Intercept https TSL1.2 - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.2_taobao", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.2_taobao", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*taobao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat - ... ELSE set variable curl -kv https://www.taobao.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.taobao.com - -SecurityPolicy-Intesept-Https-00012 - [Tags] Intercept https TSL1.3 - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.3_halfrost", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.3_halfrost", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*halfrost.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL012.bat - ... ELSE set variable curl -kv https://halfrost.com/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni halfrost.com - -SecurityPolicy-Intesept-Https-00013 - [Tags] Intercept https ip+fqdn - #创建fqdn - ${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.olx.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_FQDN_Id} - #删除对象 - ${objectids} set Variable ${object_FQDN_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL013.bat - ... ELSE set variable curl -kv https://www.olx.kz/uslugi/ - ${stringlist} Create List Tango Secure Gateway CA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommands ${commandstr} ${stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.olx.kz +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Intesept-Https-00001 + [Tags] Intercept https ip+sni + + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.reviewpro.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.reviewpro.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_SSL_00001.bat + ... ELSE set variable curl -kv https://www.reviewpro.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List reviewpro Tango Secure Gateway CA + ... ELSE Create List reviewpro Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.reviewpro.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Intesept-Https-00002 + [Tags] Intercept https + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Intercept策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_SSL_00002.bat + ... ELSE set variable curl -kv https://fenopy.se/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Fenopy Tango Secure Gateway CA + ... ELSE Create List Fenopy Tango Secure Gateway CA + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL + Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/MonitorDNSTests.robot b/01-TestCase/tsg_adc/api_security/MonitorDNSTests.robot index 4e54fe7..97f7cef 100644 --- a/01-TestCase/tsg_adc/api_security/MonitorDNSTests.robot +++ b/01-TestCase/tsg_adc/api_security/MonitorDNSTests.robot @@ -1,71 +1,143 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../02-Keyword/tsg_common/StmpHandle.robot - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-monitor-DNS-00001 - [Tags] monitor DNS ip+fqdn - #创建fqdn - ${rescodeip} ${object_fqdn_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.wenming.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_fqdn_Id} - #删除对象 - ${objectids} set Variable ${object_fqdn_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]},{"objectId":${testClentID}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[4] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} set variable nslookup -d www.vip.com - @{stringlist} set variable canonical name = www.vip.com type = AAAA, class = IN - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} @{stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.vip.com - -SecurityPolicy-monitor-DNS-00002 - [Tags] monitor DNS ip+cat - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.taobao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]},{"objectId":${testClentID}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[4] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} set variable nslookup -d www.taobao.com - @{stringlist} set variable canonical name = www.taobao.com type = AAAA - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} @{stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #验证日志 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.taobao.com - +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Monitor-DNS-00001 + [Tags] Monitor IP DNS + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS"} isValid=${1} appIdObjects=${DNS_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d twitter.com + ... ELSE set variable nslookup twitter.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List twitter.com + ... ELSE Create List twitter.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS + +SecurityPolicy-Monitor-DNS-00002 + [Tags] Monitor IP DNS QNAME + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*www.youtube.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS"} filterList=${objectId1}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "www.youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" } + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.youtube.com 8.8.8.8 + ... ELSE set variable nslookup -debug -query=A \ www.youtube.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List www.youtube.com + ... ELSE Create List www.youtube.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname www.youtube.com + \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/MonitorFTPTests.robot b/01-TestCase/tsg_adc/api_security/MonitorFTPTests.robot index fa37f6a..3939697 100644 --- a/01-TestCase/tsg_adc/api_security/MonitorFTPTests.robot +++ b/01-TestCase/tsg_adc/api_security/MonitorFTPTests.robot @@ -1,96 +1,347 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../02-Keyword/tsg_common/StmpHandle.robot -Library Custometest - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-monitor-FTP-00001 - [Tags] monitor Sub_Account - # #创建对象 Sub - # ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$jwctest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - # log ${object_Sub_Id} - # ${objectids} set Variable ${object_Sub_Id} - #创建对象 Account - ${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP 登录 - should contain ${FTP} ftp_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous - -SecurityPolicy-monitor-FTP-00002 - [Tags] monitor URI_Content - #创建对象 URI - ${rescodeip} ${object_URI_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_FTP_URI","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*771.txt"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_URI_Id} - ${objectids} set Variable ${object_URI_Id} - #创建对象 Content - ${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Content_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP 下载 - should contain ${FTP} ftp_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt - -SecurityPolicy-monitor-FTP-00003 - [Tags] monitor Sub_Account - #创建对象 Account - ${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP 登录 - should contain ${FTP} ftp_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous - +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Library Custometest +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +*** Test Cases *** +SecurityPolicy-Monitor-FTP-00001 + [Tags] Monitor IP FTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} success + run keyword if '${systemType}'=='Windows' should contain ${FTP} success + ... ELSE should contain ${FTP} success + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP + Should Be Equal As Strings ${returnvalue} true +SecurityPolicy-Monitor-FTP-00002 + [Tags] Monitor IP FTP Account URI Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建URI + ${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} + ${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} + ${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${Content} ${Account} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} success + run keyword if '${systemType}'=='Windows' should contain ${FTP} success + ... ELSE should contain ${FTP} success + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-FTP-00003 + [Tags] Monitor IP FTP Account + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Account} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} success + run keyword if '${systemType}'=='Windows' should contain ${FTP} success + ... ELSE should contain ${FTP} success + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + + +SecurityPolicy-Monitor-FTP-00004 + [Tags] Monitor IP FTP URI + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建URI + ${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} success + run keyword if '${systemType}'=='Windows' should contain ${FTP} success + ... ELSE should contain ${FTP} success + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-FTP-00005 + [Tags] Monitor IP FTP Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId3}|TSG_FIELD_FTP_CONTENT isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Content} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} success + run keyword if '${systemType}'=='Windows' should contain ${FTP} success + ... ELSE should contain ${FTP} success + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true diff --git a/01-TestCase/tsg_adc/api_security/MonitorHttpTests.robot b/01-TestCase/tsg_adc/api_security/MonitorHttpTests.robot index 83532ea..94bdbe1 100644 --- a/01-TestCase/tsg_adc/api_security/MonitorHttpTests.robot +++ b/01-TestCase/tsg_adc/api_security/MonitorHttpTests.robot @@ -1,103 +1,809 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../02-Keyword/tsg_common/StmpHandle.robot - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - - -*** Test Cases *** -SecurityPolicy-monitor-Http-00001 - [Tags] monitor http ip+cat+User-Agent+Content-Type+url - #创建cat - ${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_zm", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_zm", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ziroom.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_cat_Id} - #删除对象 - ${objectids} set Variable ${object_cat_Id} - #创建url - ${rescode} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zm", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zm", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ziroom" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_url_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建请求头 - ${rescode} ${object_User_Agent_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_User_Agent_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_User_Agent_Id} - #创建应答头 - ${rescode} ${object_Content-Type_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_Content-Type_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content-Type_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - #${commandstr} set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk - ${commandstr} run keyword if '${systemType}'=='Windows' set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk - ... ELSE set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ziroom.com/life/index - - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} OperatingSystem.Run ${commandstr} - should contain ${commandreturn} 全屋智能美家 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.ziroom.com - -SecurityPolicy-monitor-Http-00002 - [Tags] monitor http SUB+cat+set-cookie+url - #创建fqdn - ${rescodeip} ${object_fqdn_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ziroom", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ziroom", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_fqdn_Id} - #删除对象 - ${objectids} set Variable ${object_fqdn_Id} - #创建url - ${rescode} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu*" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - log ${object_url_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} - #创建请求头 - ${rescode} ${object_sk_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_sk","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_sk_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_sk_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_SUB_Id}, \ \ \ \ \ \ \ \ "protocolFields":[]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[null]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } \ - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - #${commandstr} set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk - ${commandstr} run keyword if '${systemType}'=='Windows' set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk - ... ELSE set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${commandreturn} SystemCommand ${commandstr} - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.xiaozhu.com - +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url1} /v1/policy/profile/responsepages +*** Test Cases *** +SecurityPolicy-Monitor-HTTP-00001 + [Tags] Monitor IP HTTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Fitzhugh Media + ... ELSE Create List Fitzhugh Media + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host HTTP + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-HTTP-00002 + [Tags] Monitor IP HTTP FQDN + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*fitzhughmedia.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "fitzhughmedia.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Fitzhugh Media + ... ELSE Create List Fitzhugh Media + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host fitzhughmedia.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-HTTP-00003 + [Tags] Monitor IP HTTP URL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=portal/zh_CN/home/index.html isHexbin=${0} + ${addItemList2} Create Dictionary keywordArray=www.nuk-baby.ru* isHexbin=${0} + ${addItemList3} Create Dictionary keywordArray=davidsmithhunting.com isHexbin=${0} + ${addItemList4} Create Dictionary keywordArray=crosswordheaven isHexbin=${0} + ${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} ${addItemList4} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=Monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.hkbchina.com/portal/zh_CN/home/index.html"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003.bat + ... ELSE set variable curl http://www.hkbchina.com/portal/zh_CN/home/index.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 汉口银行 + ... ELSE Create List 汉口银行 + ${rescode} SystemCommands ${commandstr} ${stringlist} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003_1.bat + ... ELSE set variable curl http://www.nuk-baby.ru/ru_ru/kollekcii/disney-mickey-mouse.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Поиск + ... ELSE Create List Поиск + ${rescode} SystemCommands ${commandstr} ${stringlist} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003_2.bat + ... ELSE set variable curl http://davidsmithhunting.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List David Smith + ... ELSE Create List David Smith + ${rescode} SystemCommands ${commandstr} ${stringlist} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003_3.bat + ... ELSE set variable curl http://crosswordheaven.com/search + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Search + ... ELSE Create List Search + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host hkbchina.com + Should Be Equal As Strings ${returnvalue} true + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host baby.ru + Should Be Equal As Strings ${returnvalue} true + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host davidsmithhunting.com + Should Be Equal As Strings ${returnvalue} true + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host crosswordheaven.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-HTTP-00004 + [Tags] Monitor IP HTTP User-Agent + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00004.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00004_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Motivational + ... ELSE Create List Motivational + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host quotes.info + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-HTTP-00005 + [Tags] Monitor IP HTTP Content-Type + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=*html isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "text/html","district": "Content-Type"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_yumi.bat + ... ELSE set variable curl http://www.yumi.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 服务平台 + ... ELSE Create List 服务平台 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.yumi.com + +SecurityPolicy-Monitor-HTTP-00006 + [Tags] Monitor IP HTTP Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=wingsofprey isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "wingsofprey","district": "Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00012.bat + ... ELSE set variable curl -kv --cookie "*wingsofprey=jkmg7dm2dqjhf4514u0ehjde45; __utma=1.780132397.1593856991.1593856991.1593856991.1; __utmc=1; __utmz=1.1593856991.1.1.utmcsr=lvse.cn" --referer 'http://www.baidu.com/' \ http://www.titter.com/en/games/jack-stone.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Scooby Doo Adventure 3 + ... ELSE Create List Scooby Doo Adventure 3 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.titter.com + +SecurityPolicy-Monitor-HTTP-00007 + [Tags] Monitor IP HTTP Set-Cookie + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=domain=www.spore isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=Monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "domain=www.spore","district": "Set-Cookie"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00013.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00013_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List www.spore.com + ... ELSE Create List www.spore.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.spore.com + +SecurityPolicy-Monitor-HTTP-00008 + [Tags] Monitor IP HTTP Request Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=monitortest141 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "monitortest141"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00014.bat + ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00014_L.bat + ${stringlist} run keyword if '${systemType}'=='Windows' Create List monitortest141 + ... ELSE Create List monitortest141 + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Monitor-HTTP-00009 + [Tags] Monitor IP HTTP Response Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment Response Content + ${addItemList1} Create Dictionary keywordArray=华彤公司 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "华彤公司"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00015.bat + ... ELSE set variable curl -m 10 -kv http://www.huatonggs.com/about.html#gsjj + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 华彤公司 + ... ELSE Create List 华彤公司 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host huatonggs.com + +SecurityPolicy-Monitor-HTTP-00010 + [Tags] Monitor IP HTTP FQDN URL User-Agent Content-Type Request Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*open.node.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=open.node isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment User-Agent + ${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Content-Type + ${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Request Content + ${addItemList1} Create Dictionary keywordArray=MonitorHttp0016 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com/"} + ${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"} + ${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"} + ${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testMonitorHttp0016"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00016.bat + ... ELSE set variable curl -m 10 -kv -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"MonitorHttp0016","setcook":"asdf","contenttype": "charsetMonitor0016","responsebody": "adzx"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com:180/go + ${stringlist} run keyword if '${systemType}'=='Windows' Create List MonitorHttp0016 + ... ELSE Create List MonitorHttp0016 + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Monitor-HTTP-00011 + [Tags] Monitor IP HTTP FQDN URL Cookie Set-Cookie Response Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*smspunch.net isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=*send-free-sms.aspx isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment Cookie + ${addItemList1} Create Dictionary keywordArray=_ym_isad=2 isHexbin=${0} district=Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment Set-Cookie + ${addItemList1} Create Dictionary keywordArray=NET_SessionId isHexbin=${0} district=Set-Cookie + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment Response Content + ${addItemList1} Create Dictionary keywordArray=Cell No isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net"} + ${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net/send-free-sms.aspx"} + ${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "_ym_isad=2","district": "Cookie"} + ${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "NET_SessionId","district": "Set-Cookie"} + ${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "Cell No"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url} ${req_hdr_ck} ${res_hdr_sc} ${res_body} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00017.bat + ... ELSE set variable curl -m 10 -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://smspunch.net/send-free-sms.aspx + ${stringlist} run keyword if '${systemType}'=='Windows' Create List smspunch.net + ... ELSE Create List smspunch.net + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host smspunch.net \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/MonitorMailTests.robot b/01-TestCase/tsg_adc/api_security/MonitorMailTests.robot index b0c07c1..00308b3 100644 --- a/01-TestCase/tsg_adc/api_security/MonitorMailTests.robot +++ b/01-TestCase/tsg_adc/api_security/MonitorMailTests.robot @@ -1,215 +1,849 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../02-Keyword/tsg_common/StmpHandle.robot -Library Custometest - - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-monitor-mail-00001 - [Tags] monitor URI_Content - #创建对象 Account - ${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1343921421z@163.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${mail} EmailLogin smtp.163.com 25 z1343921421z@163.com VIAVUYPIEJRDQDBN - should contain ${mail} mail_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com - -SecurityPolicy-monitor-mail-00002 - [Tags] monitor to - #创建对象 to - ${rescode_deny} ${object_to_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_to","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1789327568z@163.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_to_id} - ${objectids} set Variable ${object_to_id} - #创建策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${Smtp服务器} Set Variable smtp.163.com - ${Smtp服务器端口} Set Variable 25 - ${邮箱账号} Set Variable z1343921421z@163.com - ${邮箱密码} Set Variable VIAVUYPIEJRDQDBN - ${邮件主题} Set Variable 姬巍川subject - ${发送者} Set Variable z1343921421z@163.com - ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] - ${接收者} Set Variable ["z1789327568z@163.com"] - ${抄送者} Set Variable ["z1789327568z@163.com"] - ${密送者} Set Variable ["z1789327568z@163.com"] - ${邮件正文} Set Variable 朱明明content - ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} - Log ${发送邮件返回结果} - should contain ${发送邮件返回结果} mail_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com - -SecurityPolicy-monitor-Mail-00003 - [Tags] monitor From - #创建对象 From - ${rescode_deny} ${object_From_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_from","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1343921421z@163.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_From_id} - ${objectids} set Variable ${object_From_id} - #创建策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${Smtp服务器} Set Variable smtp.163.com - ${Smtp服务器端口} Set Variable 25 - ${邮箱账号} Set Variable z1343921421z@163.com - ${邮箱密码} Set Variable VIAVUYPIEJRDQDBN - ${邮件主题} Set Variable 姬巍川subject - ${发送者} Set Variable z1343921421z@163.com - ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] - ${接收者} Set Variable ["z1789327568z@163.com"] - ${抄送者} Set Variable ["z1789327568z@163.com"] - ${密送者} Set Variable ["z1789327568z@163.com"] - ${邮件正文} Set Variable 姬巍川content - ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} - Log ${发送邮件返回结果} - should contain ${发送邮件返回结果} mail_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com - -SecurityPolicy-monitor-Mail-00004 - [Tags] monitor Att_content - #创建对象 att_content - ${rescode_deny} ${object_att_content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["姬巍川测试文件内容"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_att_content_id} - ${objectids} set Variable ${object_att_content_id} - #创建策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00004","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00004","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${Smtp服务器} Set Variable smtp.163.com - ${Smtp服务器端口} Set Variable 25 - ${邮箱账号} Set Variable z1343921421z@163.com - ${邮箱密码} Set Variable VIAVUYPIEJRDQDBN - ${邮件主题} Set Variable 姬巍川subject - ${发送者} Set Variable z1343921421z@163.com - ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] - ${接收者} Set Variable ["z1789327568z@163.com"] - ${抄送者} Set Variable ["z1789327568z@163.com"] - ${密送者} Set Variable ["z1789327568z@163.com"] - ${邮件正文} Set Variable 姬巍川content - ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} - Log ${发送邮件返回结果} - should contain ${发送邮件返回结果} mail_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com - -SecurityPolicy-monitor-Mail-00005 - [Tags] monitor Content - #创建对象 Content - ${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["姬巍川content"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Content_id} - ${objectids} set Variable ${object_Content_id} - #创建策略 - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00005","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00005","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${Smtp服务器} Set Variable smtp.163.com - ${Smtp服务器端口} Set Variable 25 - ${邮箱账号} Set Variable z1343921421z@163.com - ${邮箱密码} Set Variable VIAVUYPIEJRDQDBN - ${邮件主题} Set Variable 姬巍川subject - ${发送者} Set Variable z1343921421z@163.com - ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] - ${接收者} Set Variable ["z1789327568z@163.com"] - ${抄送者} Set Variable ["z1789327568z@163.com"] - ${密送者} Set Variable ["z1789327568z@163.com"] - ${邮件正文} Set Variable 姬巍川content - ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} - Log ${发送邮件返回结果} - should contain ${发送邮件返回结果} mail_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com - -SecurityPolicy-monitor-Mail-00006 - [Tags] monitor Subject - # #创建对象 Subject - # ${rescodeip} ${object_Subject_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_subject","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["姬巍川subject"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - # log ${object_Subject_Id} - # ${objectids} set Variable ${object_Subject_Id} - #创建策略 - #${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00006","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00006","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${Smtp服务器} Set Variable smtp.163.com - ${Smtp服务器端口} Set Variable 25 - ${邮箱账号} Set Variable z1343921421z@163.com - ${邮箱密码} Set Variable VIAVUYPIEJRDQDBN - ${邮件主题} Set Variable 姬巍川subject - ${发送者} Set Variable z1343921421z@163.com - ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] - ${接收者} Set Variable ["z1789327568z@163.com"] - ${抄送者} Set Variable ["z1789327568z@163.com"] - ${密送者} Set Variable ["z1789327568z@163.com"] - ${邮件正文} Set Variable 姬巍川content - ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} - Log ${发送邮件返回结果} - should contain ${发送邮件返回结果} mail_success - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py +Resource ../../../02-Keyword/tsg_common/StmpHandle.robot + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Monitor-Mail-00001 + [Tags] Monitor IP MAIL Subject Account Content ATT_CONT From To + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Subject + ${addItemList1} Create Dictionary keywordArray=$人生路远及时行乐 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=dxy135222* isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=good isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=Простопорно isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建创建From + ${addItemList1} Create Dictionary keywordArray=dxy135222 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + Comment 创建To + ${addItemList1} Create Dictionary keywordArray=115751 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId6} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId6} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId2}|TSG_FIELD_MAIL_ACCOUNT,${objectId1}|TSG_FIELD_MAIL_SUBJECT,${objectId3}|TSG_FIELD_MAIL_CONTENT,${objectId4}|TSG_FIELD_MAIL_ATT_CONTENT,${objectId5}|TSG_FIELD_MAIL_FROM,${objectId6}|TSG_FIELD_MAIL_TO isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} + ${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"} + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"} + ${account_id} Create Dictionary attributeType=string attributeName=account appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${account_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + + +SecurityPolicy-Monitor-Mail-00002 + [Tags] Monitor IP MAIL Subject ATT_NAME Content ATT_CONT From To + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Subject + ${addItemList1} Create Dictionary keywordArray=$人生路远及时行乐 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建ATT_NAME + ${addItemList1} Create Dictionary keywordArray=测试文件 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=good isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=Простопорно isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId4} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4} + + Comment 创建创建From + ${addItemList1} Create Dictionary keywordArray=dxy135222 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId5} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5} + + Comment 创建To + ${addItemList1} Create Dictionary keywordArray=115751 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId6} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId6} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId2}|TSG_FIELD_MAIL_ATT_NAME,${objectId1}|TSG_FIELD_MAIL_SUBJECT,${objectId3}|TSG_FIELD_MAIL_CONTENT,${objectId4}|TSG_FIELD_MAIL_ATT_CONTENT,${objectId5}|TSG_FIELD_MAIL_FROM,${objectId6}|TSG_FIELD_MAIL_TO isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} + ${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"} + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"} + ${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=8004 appName=mail protocol=mail attributeValue={"string": "测试文件"} + ${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + ${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${att_name_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + +SecurityPolicy-Monitor-Mail-00003 + [Tags] Monitor IP MAIL Subject + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Subject + ${addItemList1} Create Dictionary keywordArray=$人生路远及时行乐 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + +SecurityPolicy-Monitor-Mail-00004 + [Tags] Monitor IP MAIL Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=good isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${content_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} +SecurityPolicy-Monitor-Mail-00005 + [Tags] Monitor IP MAIL ATT_NAME + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建ATT_NAME + ${addItemList1} Create Dictionary keywordArray=测试文件 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_ATT_NAME isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=8004 appName=mail protocol=mail attributeValue={"string": "测试文件"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${att_name_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + + +SecurityPolicy-Monitor-Mail-00006 + [Tags] Monitor IP MAIL ATT_CONT + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=Простопорно isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${att_content_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + + +SecurityPolicy-Monitor-Mail-00007 + [Tags] Monitor IP MAIL From + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建创建From + ${addItemList1} Create Dictionary keywordArray=dxy135222 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_FROM isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${from_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + +SecurityPolicy-Monitor-Mail-00008 + [Tags] Monitor IP MAIL To + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建To + ${addItemList1} Create Dictionary keywordArray=115751 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_TO isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${to_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + +SecurityPolicy-Monitor-Mail-00009 + [Tags] Monitor IP MAIL Account + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=dxy135222* isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} filterList=${objectId1}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${account_id} Create Dictionary attributeType=string attributeName=account appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${account_id} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy} + + +SecurityPolicy-Monitor-Mail-00010 + [Tags] Monitor IP MAIL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL"} isValid=${1} appIdObjects=${MAIL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证 + ${Smtp服务器} Set Variable Smtp.163.com + ${Smtp服务器端口} Set Variable 25 + ${邮箱账号} Set Variable ${mailAccount163Dxy} + ${邮箱密码} Set Variable ${mailPasswordDxy} + ${邮件主题} Set Variable 人生路远及时行乐 + ${发送者} Set Variable ${mailAccount163Dxy} + ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"] + ${接收者} Set Variable ["${mailAccount163Lyf}"] + ${抄送者} Set Variable ["${mailAccount163Lyf}"] + ${密送者} Set Variable ["${mailAccount163Lyf}"] + ${邮件正文} Set Variable good + ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} + Log ${发送邮件返回结果} + run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success + ... ELSE should contain ${发送邮件返回结果} success + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account mail_from_cmd + \ No newline at end of file diff --git a/01-TestCase/tsg_adc/api_security/MonitorSSLTests.robot b/01-TestCase/tsg_adc/api_security/MonitorSSLTests.robot index 86b3b2b..cfe4a7f 100644 --- a/01-TestCase/tsg_adc/api_security/MonitorSSLTests.robot +++ b/01-TestCase/tsg_adc/api_security/MonitorSSLTests.robot @@ -1,98 +1,356 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc Security_Policy -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Resource ../../../03-Variable/BifangApiVariable.txt -Resource ../../../02-Keyword/tsg_common/StmpHandle.robot - -*** Variables *** -${policyIds} ${EMPTY} -${objectids} ${EMPTY} - -*** Test Cases *** -SecurityPolicy-monitor-SSL-00001 - [Tags] monitor ssl ip+cat - #创建SNI_CAT - ${rescodeip} ${object_sni_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_sni_Id} - #删除对象 - ${objectids} set Variable ${object_sni_Id} - #创建SAN_CAT - ${rescodeip} ${object_san_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_san_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_san_Id} - #创建对象 CN_CAT - ${rescodeip} ${object_cn_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_cn_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_cn_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_monitor_ssl001.bat - ... ELSE set variable curl -kv https://www.jd.com - @{stringlist} set variable 正品低价 html - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} @{stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.jd.com - -SecurityPolicy-monitor-SSL-00002 - [Tags] monitor ssl SUB+fqdn - # #创建对象SUB - # ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } \ - # log ${object_SUB_Id} - # #删除对象 - # ${objectids} set Variable ${object_SUB_Id} - #创建SNI_CAT - ${rescodeip} ${object_sni_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_sni_Id} - #删除对象 - ${objectids} set Variable ${object_sni_Id} - #创建SAN_CAT - ${rescodeip} ${object_san_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_san_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_san_Id} - #创建对象 CN_CAT - ${rescodeip} ${object_cn_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_cn_Id} - #删除对象 - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_cn_Id} - #创建策略 - #${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } - ${rescode} ${policyId} AddPolicy ${addPolicyStr} - log ${policyId} - #删除策略 - ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} - #功能端验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_monitor_ssl002.bat - ... ELSE set variable curl -kv https://www.yhd.com - @{stringlist} set variable 货到付款 text - ${starttime} Get Time - Sleep ${policyVerificationSleepSeconds}s - ${rescode} SystemCommand ${commandstr} @{stringlist} - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - log ${rescode} - #日志验证 - ${s} Convert to String ${policyId} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.yhd.com - +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Library Selenium2Library +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Monitor-SSL-00001 + [Tags] Monitor IP SSL SNI SAN CN + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建SNI + ${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建CN + ${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建SAN + ${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId3}|TSG_FIELD_SSL_SAN,${objectId1}|TSG_FIELD_SSL_SNI,${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"} + ${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"} + ${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${cn} ${san} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat + ... ELSE set variable curl https://www.academia.org/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia + ... ELSE Create List Accuracy In Academia + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.academia.org + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-SSL-00002 + [Tags] Monitor IP SSL SNI + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建SNI + ${addItemList1} Create Dictionary keywordArray=*freecountry.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "freecountry.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00001_1.bat + ... ELSE set variable curl \ https://freecountry.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Jackets + ... ELSE Create List Jackets + ${rescode} SystemCommands ${commandstr} ${stringlist} + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni freecountry.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-SSL-00003 + [Tags] Monitor IP SSL CN + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建CN + ${addItemList1} Create Dictionary keywordArray=*keysnews.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "keysnews.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${cn} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00002.bat + ... ELSE set variable curl https://www.keysnews.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List keysnews.com + ... ELSE Create List keysnews.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.keysnews.com + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-SSL-00004 + [Tags] Monitor IP SSL SAN + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建SAN + ${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId3}|TSG_FIELD_SSL_SAN isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${san} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat + ... ELSE set variable curl https://www.academia.org/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia + ... ELSE Create List Accuracy In Academia + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.academia.org + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Monitor-SSL-00005 + [Tags] Monitor IP SSL + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Monitor策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} isValid=${1} appIdObjects=${SSL_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"} + + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat + ... ELSE set variable curl https://www.academia.org/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia + ... ELSE Create List Accuracy In Academia + ${rescode} SystemCommands ${commandstr} ${stringlist} + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL + Should Be Equal As Strings ${returnvalue} true \ No newline at end of file diff --git a/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot b/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot index e776f10..9a093b6 100644 --- a/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot +++ b/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot @@ -1,248 +1,249 @@ -*** Settings *** -Library String -Library OperatingSystem -Library RequestsLibrary -Library Selenium2Library -Library Collections -Resource ../../../02-Keyword/tsg_bfapi/Common.robot -Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot -Resource ../../../03-Variable/BifangApiVariable.txt - -*** Keywords *** -QueryPolicyFile - [Arguments] ${url} ${suffix} - ${content_quary} Get-Request ${url}?isValid=1&${suffix} - ${msg_quary} Set Variable ${content_quary['msg']} - ${length} Get Length ${content_quary['data']['list']} - Should Be True ${length}>0 - Log quary operation:${msg_quary} - Log data:${content_quary['data']['list']} - -QueryPolicyFile2 - [Arguments] ${url} ${suffix} - ${content_quary} Get-Request ${url}?${suffix} - ${msg_quary} Set Variable ${content_quary['msg']} - ${length} Get Length ${content_quary['data']['list']} - Should Be True ${length}>0 - Log quary operation:${msg_quary} - Log data:${content_quary['data']['list']} - ${certId} Set Variable ${content_quary['data']['list'][0]['certId']} - [Return] ${certId} - -CreatePolicyFile - [Documentation] - ... 必传参数:url、filePath(文件路径)、fileName(文件名称) - ... 可选参数:header(不传时使用默认值) - [Arguments] ${url} ${filePath} ${fileName} @{header} - ${suffix} Generate Random String - ${certName} Catenate SEPARATOR=_ test ${suffix} - ${header} Run Keyword If ${header}==[] Set Variable {"isValid":1,"opAction":"add","certName":"${certName}","certId":null,"returnData":1} - ... ELSE Get From List ${header} 0 - - ${binFile} Evaluate open(r"${path}/${filePath}${fileName}",'rb') - ${fileDict} Create Dictionary file=${binFile} - ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream - ${fileDesc} Create Dictionary File-Desc=${header} - ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${cerId} Set Variable ${list[0]['certId']} - ${certName} Set Variable ${list[0]['certName']} - ${response} Create Dictionary msg=${msg} certId=${cerId} certName=${certName} - Log add operation:${msg} - Log cerId:${cerId} - [Return] ${response} - -CreatePolicyFile2 - [Documentation] - ... 必传参数:url、filePath(文件路径)、fileName(文件名称)、flag(模块标识) - ... 可选参数:header(不传时使用默认值) - [Arguments] ${url} ${filePath} ${fileName} ${flag} @{header} - ${suffix} Generate Random String - ${randomName} Catenate SEPARATOR=_ test ${suffix} - ${value} Run Keyword If '${flag}'=='resPages' Set Variable {"isValid":1,"format":"html","opAction":"add","profileName":"${randomName}","profileId":null,"returnData":1} - ... ELSE IF '${flag}'=='hijack' Set Variable {"isValid":1,"contentType":"text/html","opAction":"add","profileName":"${randomName}","contentName":"${fileName}","profileId":null,"returnData":1} - ... ELSE IF '${flag}'=='insert' Set Variable {"isValid":1,"format":"js","insertOn":"after_page_load","opAction":"add","profileName":"${randomName}","profileId":null,"returnData":1} - - ${header} Run Keyword If ${header}==[] Set Variable ${value} - ... ELSE Get From List ${header} 0 - - ${binFile} Evaluate open(r"${filePath}${fileName}",'rb') - ${fileDict} Create Dictionary file=${binFile} - ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream - ${suffix} Generate Random String - ${profileName} Catenate SEPARATOR=_ test ${suffix} - ${fileDesc} Create Dictionary File-Desc=${header} - ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${profileId} Set Variable ${list[0]['profileId']} - ${profileName} Set Variable ${list[0]['profileName']} - ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} - Log add operation:${msg} - Log profileId:${profileId} - [Return] ${response} - -CreatePolicyFile3 - [Documentation] - ... 必传参数:url - ... 可选参数:data(不传时使用默认值) - [Arguments] ${url} @{data} - ${suffix} Generate Random String - ${profileName} Catenate SEPARATOR=_ test ${suffix} - ${data} Run Keyword If ${data}==[] Set Variable {"opAction":"add","returnData":1,"trafficMirrorList":[{"profileName":"${profileName}","addrType":"mac","isValid":1,"addrArray":["00:A1:B2:06:C3:29"]}]} - ... ELSE Get From List ${data} 0 - - ${content} Post-Request ${url} ${data} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${profileId} Set Variable ${list[0]['profileId']} - ${profileName} Set Variable ${list[0]['profileName']} - ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} - Log add operation:${msg} - Log profileId:${profileId} - [Return] ${response} - -CreatePolicyFileNoFile - [Documentation] - ... 必传参数:url - ... 可选参数:data(不传时使用默认值) - [Arguments] ${url} ${requestbody} - ${content} Post-Request ${url} ${requestbody} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${profileId} Set Variable ${list[0]['profileId']} - ${profileName} Set Variable ${list[0]['profileName']} - ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} - Log add operation:${msg} - Log profileId:${profileId} - [Return] ${response} - -CreatePolicyMutipartFile - [Arguments] ${url} ${filePath} ${pubFileName} ${priFileName} ${keyringType} @{header} - [Documentation] 必传参数:url、filePath(文件路径)、pubFileName(证书文件名)、priFileName(私钥文件名),keyringType(证书类型) - ... 可选参数:header(不传时使用默认值) - ${suffix} Generate Random String - ${certName} Catenate SEPARATOR=_ test ${suffix} - ${header} Run Keyword If ${header}==[] Set Variable {"isValid":1,"opAction":"add","returnData":1,"keyringName":"${certName}","keyringType":"${keyringType}","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa1024","keyringId":null,"includeRoot":0} - ... ELSE Get From List ${header} 0 - ${pubFile} Evaluate open(r"${path}/${filePath}${pubFileName}",'rb') - ${priFile} Evaluate open(r"${path}/${filePath}${priFileName}",'rb') - ${fileDict} Create Dictionary publicFile ${pubFile} - Set To Dictionary ${fileDict} privateFile ${priFile} - ${requestData} Create Dictionary name="publicFile" filename="${pubFileName}" Content-Type=application/octet-stream - Set To Dictionary ${requestData} name privateFile - Set To Dictionary ${requestData} filename ${priFileName} - Set To Dictionary ${requestData} Content-Type application/octet-stream - ${fileDesc} Create Dictionary File-Desc=${header} - ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${keyringId} Set Variable ${list[0]['keyringId']} - ${keyringName} Set Variable ${list[0]['keyringName']} - ${response} Create Dictionary msg=${msg} keyringId=${keyringId} keyringName=${keyringName} - Log add operation:${msg} - Log keyringId:${keyringId} - [Return] ${response} - -UpdatePolicyMutipartFile - [Arguments] ${url} ${filePath} ${pubFileName} ${priFileName} ${reqHeader} - ${pubFile} Evaluate open(r"${path}/${filePath}${pubFileName}",'rb') - ${priFile} Evaluate open(r"${path}/${filePath}${priFileName}",'rb') - ${fileDict} Create Dictionary publicFile ${pubFile} - Set To Dictionary ${fileDict} privateFile ${priFile} - - ${requestData} Create Dictionary name="publicFile" filename="${pubFileName}" Content-Type=application/octet-stream - Set To Dictionary ${requestData} name privateFile - Set To Dictionary ${requestData} filename ${priFileName} - Set To Dictionary ${requestData} Content-Type application/octet-stream - - ${fileDesc} Create Dictionary File-Desc ${reqHeader} - ${content} UpFilePutRequest ${url} ${requestData} ${fileDict} ${fileDesc} - ${msg} Set Variable ${content['msg']} - Log update operation:${msg} - Log update condition:${reqHeader} - -UpdatePolicyFile - [Arguments] ${url} ${filePath} ${fileName} ${reqHeader} - ${binFile} Evaluate open(r"${path}/${filePath}${fileName}",'rb') - ${fileDict} Create Dictionary file=${binFile} - ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream - ${fileDesc} Create Dictionary File-Desc=${reqHeader} - ${content} UpFilePutRequest ${url} ${requestData} ${fileDict} ${fileDesc} - ${msg} Set Variable ${content['msg']} - Log update operation:${msg} - Log update condition:${reqHeader} - -UpdatePolicyFile2 - [Arguments] ${url} ${data} - ${header} Create Dictionary Content-Type=application/json Authorization=${token} - Create Session api http://${host}:${port} headers=${header} - ${remoteResponse} Put Request api ${url} data=${data} headers=${header} - ${response} to json ${remoteResponse.content} - Should Be Equal As Strings ${remoteResponse.status_code} 200 - ${msg} Set Variable ${response['msg']} - Log update operation:${msg} - Log update condition:${data} - -DeletePolicyFile - [Arguments] ${url} ${data} - ${content} Delete-Request ${url} ${data} - ${msg} Set Variable ${content['msg']} - Log delete operation:${msg} - Log delete condition:${data} - -TeardownDelete - [Arguments] ${url} ${key} ${value} - ${ids} Create List ${value} - ${data} Create Dictionary ${key}=${ids} - ${content} Delete-Request ${url} ${data} - ${msg} Set Variable ${content['msg']} - Log teardown operation:${msg} - Log teardown condition:${data} - - -CreatePolicyFile4 - [Arguments] ${url} ${filePath} ${fileName} ${objectDict} - [Timeout] - ${binFile} Evaluate open(r"${path}/${filePath}${fileName}",'rb') - ${fileDict} Create Dictionary file=${binFile} - ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream - ${suffix} Generate Random String - ${profileName} Catenate SEPARATOR=_ test ${suffix} - log ${objectDict} - ${string} Convert To String ${objectDict} - ${fileDesc} Create Dictionary File-Desc=${string} - log ${fileDesc}[File-Desc] - ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${profileId} Set Variable ${list[0]['profileId']} - ${profileName} Set Variable ${list[0]['profileName']} - ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} - Log add operation:${msg} - Log profileId:${profileId} - [Return] ${response} - -CreateRequest - [Arguments] ${url} ${data} - [Documentation] 必传参数:url - ... 可选参数:data(不传时使用默认值) - ${content} Post-Request ${url} ${data} - ${msg} Set Variable ${content['msg']} - ${list} Set Variable ${content['data']['list']} - ${profileId} Set Variable ${list[0]['profileId']} - ${profileName} Set Variable ${list[0]['profileName']} - ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} - Log add operation:${msg} - Log profileId:${profileId} - [Return] ${response} -DeletePolicyFile1 - [Arguments] ${url} ${profileId} - #删除文件 - log todeleteobj - ${response} BaseDeleteRequest ${url} {"profileIds":[${profileId}]} - ${response_code} Get From Dictionary ${response} code - Should Be Equal As Strings ${response_code} 200 - ${response} Convert to String ${response} - log ${response} +*** Settings *** +Library String +Library OperatingSystem +Library RequestsLibrary +Library Selenium2Library +Library Collections +Resource ../../../02-Keyword/tsg_bfapi/Common.robot +Resource ../../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../../03-Variable/BifangApiVariable.txt + +*** Keywords *** +QueryPolicyFile + [Arguments] ${url} ${suffix} + ${content_quary} Get-Request ${url}?isValid=1&${suffix} + ${msg_quary} Set Variable ${content_quary['msg']} + ${length} Get Length ${content_quary['data']['list']} + Should Be True ${length}>0 + Log quary operation:${msg_quary} + Log data:${content_quary['data']['list']} + +QueryPolicyFile2 + [Arguments] ${url} ${suffix} + ${content_quary} Get-Request ${url}?${suffix} + ${msg_quary} Set Variable ${content_quary['msg']} + ${length} Get Length ${content_quary['data']['list']} + Should Be True ${length}>0 + Log quary operation:${msg_quary} + Log data:${content_quary['data']['list']} + ${certId} Set Variable ${content_quary['data']['list'][0]['certId']} + [Return] ${certId} + +CreatePolicyFile + [Documentation] + ... 必传参数:url、filePath(文件路径)、fileName(文件名称) + ... 可选参数:header(不传时使用默认值) + [Arguments] ${url} ${filePath} ${fileName} @{header} + ${suffix} Generate Random String + ${certName} Catenate SEPARATOR=_ test ${suffix} + ${header} Run Keyword If ${header}==[] Set Variable {"isValid":1,"opAction":"add","certName":"${certName}","certId":null,"returnData":1} + ... ELSE Get From List ${header} 0 + + ${binFile} Evaluate open(r"${path}/${filePath}${fileName}",'rb') + ${fileDict} Create Dictionary file=${binFile} + ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream + ${fileDesc} Create Dictionary File-Desc=${header} + ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${cerId} Set Variable ${list[0]['certId']} + ${certName} Set Variable ${list[0]['certName']} + ${response} Create Dictionary msg=${msg} certId=${cerId} certName=${certName} + Log add operation:${msg} + Log cerId:${cerId} + [Return] ${response} + +CreatePolicyFile2 + [Documentation] + ... 必传参数:url、filePath(文件路径)、fileName(文件名称)、flag(模块标识) + ... 可选参数:header(不传时使用默认值) + [Arguments] ${url} ${filePath} ${fileName} ${flag} @{header} + ${suffix} Generate Random String + ${randomName} Catenate SEPARATOR=_ test ${suffix} + ${value} Run Keyword If '${flag}'=='resPages' Set Variable {"isValid":1,"format":"html","opAction":"add","profileName":"${randomName}","profileId":null,"returnData":1} + ... ELSE IF '${flag}'=='hijack' Set Variable {"isValid":1,"contentType":"text/html","opAction":"add","profileName":"${randomName}","contentName":"${fileName}","profileId":null,"returnData":1} + ... ELSE IF '${flag}'=='insert' Set Variable {"isValid":1,"format":"js","insertOn":"after_page_load","opAction":"add","profileName":"${randomName}","profileId":null,"returnData":1} + ... ELSE IF '${flag}'=='insertcss' Set Variable {"isValid":1,"format":"css","insertOn":"after_page_load","opAction":"add","profileName":"${randomName}","profileId":null,"returnData":1} + + ${header} Run Keyword If ${header}==[] Set Variable ${value} + ... ELSE Get From List ${header} 0 + + ${binFile} Evaluate open(r"${filePath}${fileName}",'rb') + ${fileDict} Create Dictionary file=${binFile} + ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream + ${suffix} Generate Random String + ${profileName} Catenate SEPARATOR=_ test ${suffix} + ${fileDesc} Create Dictionary File-Desc=${header} + ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${profileId} Set Variable ${list[0]['profileId']} + ${profileName} Set Variable ${list[0]['profileName']} + ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} + Log add operation:${msg} + Log profileId:${profileId} + [Return] ${response} + +CreatePolicyFile3 + [Documentation] + ... 必传参数:url + ... 可选参数:data(不传时使用默认值) + [Arguments] ${url} @{data} + ${suffix} Generate Random String + ${profileName} Catenate SEPARATOR=_ test ${suffix} + ${data} Run Keyword If ${data}==[] Set Variable {"opAction":"add","returnData":1,"trafficMirrorList":[{"profileName":"${profileName}","addrType":"mac","isValid":1,"addrArray":["00:A1:B2:06:C3:29"]}]} + ... ELSE Get From List ${data} 0 + + ${content} Post-Request ${url} ${data} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${profileId} Set Variable ${list[0]['profileId']} + ${profileName} Set Variable ${list[0]['profileName']} + ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} + Log add operation:${msg} + Log profileId:${profileId} + [Return] ${response} + +CreatePolicyFileNoFile + [Documentation] + ... 必传参数:url + ... 可选参数:data(不传时使用默认值) + [Arguments] ${url} ${requestbody} + ${content} Post-Request ${url} ${requestbody} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${profileId} Set Variable ${list[0]['profileId']} + ${profileName} Set Variable ${list[0]['profileName']} + ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} + Log add operation:${msg} + Log profileId:${profileId} + [Return] ${response} + +CreatePolicyMutipartFile + [Arguments] ${url} ${filePath} ${pubFileName} ${priFileName} ${keyringType} @{header} + [Documentation] 必传参数:url、filePath(文件路径)、pubFileName(证书文件名)、priFileName(私钥文件名),keyringType(证书类型) + ... 可选参数:header(不传时使用默认值) + ${suffix} Generate Random String + ${certName} Catenate SEPARATOR=_ test ${suffix} + ${header} Run Keyword If ${header}==[] Set Variable {"isValid":1,"opAction":"add","returnData":1,"keyringName":"${certName}","keyringType":"${keyringType}","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa1024","keyringId":null,"includeRoot":0} + ... ELSE Get From List ${header} 0 + ${pubFile} Evaluate open(r"${path}/${filePath}${pubFileName}",'rb') + ${priFile} Evaluate open(r"${path}/${filePath}${priFileName}",'rb') + ${fileDict} Create Dictionary publicFile ${pubFile} + Set To Dictionary ${fileDict} privateFile ${priFile} + ${requestData} Create Dictionary name="publicFile" filename="${pubFileName}" Content-Type=application/octet-stream + Set To Dictionary ${requestData} name privateFile + Set To Dictionary ${requestData} filename ${priFileName} + Set To Dictionary ${requestData} Content-Type application/octet-stream + ${fileDesc} Create Dictionary File-Desc=${header} + ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${keyringId} Set Variable ${list[0]['keyringId']} + ${keyringName} Set Variable ${list[0]['keyringName']} + ${response} Create Dictionary msg=${msg} keyringId=${keyringId} keyringName=${keyringName} + Log add operation:${msg} + Log keyringId:${keyringId} + [Return] ${response} + +UpdatePolicyMutipartFile + [Arguments] ${url} ${filePath} ${pubFileName} ${priFileName} ${reqHeader} + ${pubFile} Evaluate open(r"${path}/${filePath}${pubFileName}",'rb') + ${priFile} Evaluate open(r"${path}/${filePath}${priFileName}",'rb') + ${fileDict} Create Dictionary publicFile ${pubFile} + Set To Dictionary ${fileDict} privateFile ${priFile} + + ${requestData} Create Dictionary name="publicFile" filename="${pubFileName}" Content-Type=application/octet-stream + Set To Dictionary ${requestData} name privateFile + Set To Dictionary ${requestData} filename ${priFileName} + Set To Dictionary ${requestData} Content-Type application/octet-stream + + ${fileDesc} Create Dictionary File-Desc ${reqHeader} + ${content} UpFilePutRequest ${url} ${requestData} ${fileDict} ${fileDesc} + ${msg} Set Variable ${content['msg']} + Log update operation:${msg} + Log update condition:${reqHeader} + +UpdatePolicyFile + [Arguments] ${url} ${filePath} ${fileName} ${reqHeader} + ${binFile} Evaluate open(r"${path}/${filePath}${fileName}",'rb') + ${fileDict} Create Dictionary file=${binFile} + ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream + ${fileDesc} Create Dictionary File-Desc=${reqHeader} + ${content} UpFilePutRequest ${url} ${requestData} ${fileDict} ${fileDesc} + ${msg} Set Variable ${content['msg']} + Log update operation:${msg} + Log update condition:${reqHeader} + +UpdatePolicyFile2 + [Arguments] ${url} ${data} + ${header} Create Dictionary Content-Type=application/json Authorization=${token} + Create Session api http://${host}:${port} headers=${header} + ${remoteResponse} Put Request api ${url} data=${data} headers=${header} + ${response} to json ${remoteResponse.content} + Should Be Equal As Strings ${remoteResponse.status_code} 200 + ${msg} Set Variable ${response['msg']} + Log update operation:${msg} + Log update condition:${data} + +DeletePolicyFile + [Arguments] ${url} ${data} + ${content} Delete-Request ${url} ${data} + ${msg} Set Variable ${content['msg']} + Log delete operation:${msg} + Log delete condition:${data} + +TeardownDelete + [Arguments] ${url} ${key} ${value} + ${ids} Create List ${value} + ${data} Create Dictionary ${key}=${ids} + ${content} Delete-Request ${url} ${data} + ${msg} Set Variable ${content['msg']} + Log teardown operation:${msg} + Log teardown condition:${data} + + +CreatePolicyFile4 + [Arguments] ${url} ${filePath} ${fileName} ${objectDict} + [Timeout] + ${binFile} Evaluate open(r"${path}/${filePath}${fileName}",'rb') + ${fileDict} Create Dictionary file=${binFile} + ${requestData} Create Dictionary name="file" filename="${fileName}" Content-Type=application/octet-stream + ${suffix} Generate Random String + ${profileName} Catenate SEPARATOR=_ test ${suffix} + log ${objectDict} + ${string} Convert To String ${objectDict} + ${fileDesc} Create Dictionary File-Desc=${string} + log ${fileDesc}[File-Desc] + ${content} UpFilePostRequest ${url} ${requestData} ${fileDict} ${fileDesc} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${profileId} Set Variable ${list[0]['profileId']} + ${profileName} Set Variable ${list[0]['profileName']} + ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} + Log add operation:${msg} + Log profileId:${profileId} + [Return] ${response} + +CreateRequest + [Arguments] ${url} ${data} + [Documentation] 必传参数:url + ... 可选参数:data(不传时使用默认值) + ${content} Post-Request ${url} ${data} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${profileId} Set Variable ${list[0]['profileId']} + ${profileName} Set Variable ${list[0]['profileName']} + ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} + Log add operation:${msg} + Log profileId:${profileId} + [Return] ${response} +DeletePolicyFile1 + [Arguments] ${url} ${profileId} + #删除文件 + log todeleteobj + ${response} BaseDeleteRequest ${url} {"profileIds":[${profileId}]} + ${response_code} Get From Dictionary ${response} code + Should Be Equal As Strings ${response_code} 200 + ${response} Convert to String ${response} + log ${response} diff --git a/02-Keyword/tsg_bfapi/policy_object/Application.robot b/02-Keyword/tsg_bfapi/policy_object/Application.robot index cdfbb9f..37e41bb 100644 --- a/02-Keyword/tsg_bfapi/policy_object/Application.robot +++ b/02-Keyword/tsg_bfapi/policy_object/Application.robot @@ -39,11 +39,14 @@ GetAppIdObjects [Return] ${appidobject} DeletePolicyAndObjectAndApplicationAndSignature - [Arguments] ${policyids} ${objectids} ${appids}=${EMPTY} ${signatureId}=${EMPTY} + [Arguments] ${policyids} ${objectids} ${appids}=${EMPTY} ${signatureId}=${EMPTY} ${policyids1}=${EMPTY} ${url}=${EMPTY} ${profiledId}=${EMPTY} #删除和对象 #2020-09-01修改,引用DeletePolicyAndGroupObject,避免分别维护并兼容之前用例 Run Keyword If "${policyids}"=="${EMPTY}" log no policyids to del ... ELSE DeletePolicyNew ${policyids} + + Run Keyword If "${policyids1}"=="${EMPTY}" log no policyids to del + ... ELSE DeletePolicyNew1 ${policyids1} Run Keyword If "${appids}"=="${EMPTY}" log no appids to del ... ELSE DeleteApplicationNew ${appids} @@ -54,6 +57,11 @@ DeletePolicyAndObjectAndApplicationAndSignature Run Keyword If "${objectids}"=="${EMPTY}" log no Objects to del ... ELSE DeleteObjectNew ${objectids} + #删除文件 + + Run Keyword If "${profiledId}"=="${EMPTY}" log no file to del + ... ELSE DeletePolicyFile2 ${url} ${profiledId} + DeleteApplicationNew [Arguments] ${appids} #删除Application @@ -90,4 +98,25 @@ DeletePolicyNew ${response_code} Get From Dictionary ${response} code Should Be Equal As Strings ${response_code} 200 ${response} Convert to String ${response} + log ${response} + +DeletePolicyNew1 + [Arguments] ${policyids} + #删除策略 + log toDeletePolicy_DeletePolicyDeletePolicy + ${response} BaseDeleteRequest /${version}/policy/compile {"policyType":"pxy_manipulation","policyIds":[${policyids}]} + ${response_code} Get From Dictionary ${response} code + Should Be Equal As Strings ${response_code} 200 + ${response} Convert to String ${response} + log ${response} + +DeletePolicyFile2 + [Arguments] ${url} ${profileId} + #删除文件 + log todeleteobj_DeletePolicyAndObject + log todeleteobj + ${response} BaseDeleteRequest ${url} {"profileIds":[${profileId}]} + ${response_code} Get From Dictionary ${response} code + Should Be Equal As Strings ${response_code} 200 + ${response} Convert to String ${response} log ${response} \ No newline at end of file diff --git a/02-Keyword/tsg_common/StmpHandle.robot b/02-Keyword/tsg_common/StmpHandle.robot index 4d93acc..836bddf 100644 --- a/02-Keyword/tsg_common/StmpHandle.robot +++ b/02-Keyword/tsg_common/StmpHandle.robot @@ -1,43 +1,43 @@ -*** Settings *** -Library Smtp3Library - -*** Keywords *** -EmailLogin - [Arguments] ${SURL} ${SPORT} ${SUSER} ${SPWD} - [Documentation] [${SURL}:邮箱发送服务器,比如:腾讯企业邮箱:smtp.exmail.qq.com;qq邮箱:smtp.qq.com;163邮箱:smtp.163.com等] - ... [${SPORT}:邮箱发送服务器的端口,无论是哪种邮箱的,一般是25,该值可灵活填充] - ... [${SUSER}:邮箱登入用户名,无需转码] - ... [${SPWD}:登入密码。对于腾讯企业邮箱,密码无变化;qq邮箱需要第三方授权码登入;163邮箱需要第三方授权码登入] - ... [关键字返回值:这是163邮箱的返回结果:不同邮箱可能不太一样(235, b'Authentication successful')] - [Tags] function email send - Prepare Connection ${SURL} ${SPORT} ${SUSER} ${SPWD} - Connect - Ehlo - ${result} logins - run keyword if "${result}"=="fail" log ${result} - ... ELSE run keywords Quit AND Close Connection - #Quit - #Close Connection - [Return] ${result} # 返回登入结果 - -EmailSendFull - [Arguments] ${SURL} ${SPORT} ${SUSER} ${PWD} ${SUBJ} ${FROM} ${to} ${cc} ${bcc} ${Sbody} ${attach} - [Documentation] [注意:所有参数都是必填参数] - ... [${SURL}:邮箱发送服务器,比如:smtp.qq.com] - ... [${SPORT}:邮箱服务器,写法如:25] - ... [${SUSER}:登入名,如:zhangsan@qq.com] - ... [${PWD}:登入密码,不同类型的邮箱登入密码需求不一样,具体看EmailLogin关键字对于密码的要求] - ... [${SUBJ}:主题,如:111111] - ... [${FROM} :发送者,例如:zhangsan@qq.com] - ... [ ${to} :接收者,可以写多个,写法例如:["lisi@qq.com","wangwu@163.com"] ,若写单个接收者["lisi@qq.com"] ] - ... [${cc}:抄送者。可以写多个,写法同${to}] - ... [${bcc}:密送者。可以写多个,写法同${to}] - ... [${Sbody}:邮件正文,写法如:1234teacher] - ... [${attach}:附件文本,可以写多个,注意本地是否有这些文件。写法如:["1.txt","E://abc.txt"]] - ... [关键字返回值:发送成功会返回{},空的内容] - [Tags] function email send - Prepare Connection ${SURL} ${SPORT} ${SUSER} ${PWD} - ${send_result} Send Message With All Parameters ${SURL} ${SUSER} ${PWD} ${SUBJ} ${FROM} ${to} ${cc} ${bcc} ${Sbody} ${attach} - Comment Send Message - Close Connection - [Return] ${send_result} # 返回发送邮件结果 +*** Settings *** +Library Smtp3Library + +*** Keywords *** +EmailLogin + [Arguments] ${SURL} ${SPORT} ${SUSER} ${SPWD} + [Documentation] [${SURL}:邮箱发送服务器,比如:腾讯企业邮箱:smtp.exmail.qq.com;qq邮箱:smtp.qq.com;163邮箱:smtp.163.com等] + ... [${SPORT}:邮箱发送服务器的端口,无论是哪种邮箱的,一般是25,该值可灵活填充] + ... [${SUSER}:邮箱登入用户名,无需转码] + ... [${SPWD}:登入密码。对于腾讯企业邮箱,密码无变化;qq邮箱需要第三方授权码登入;163邮箱需要第三方授权码登入] + ... [关键字返回值:这是163邮箱的返回结果:不同邮箱可能不太一样(235, b'Authentication successful')] + [Tags] function email send + Prepare Connection ${SURL} ${SPORT} ${SUSER} ${SPWD} + Connect + Ehlo + ${result} logins + run keyword if "${result}"=="fail" log ${result} + ... ELSE run keywords Quit AND Close Connection + #Quit + #Close Connection + [Return] ${result} # 返回登入结果 + +EmailSendFull + [Arguments] ${SURL} ${SPORT} ${SUSER} ${PWD} ${SUBJ} ${FROM} ${to} ${cc} ${bcc} ${Sbody} ${attach} + [Documentation] [注意:所有参数都是必填参数] + ... [${SURL}:邮箱发送服务器,比如:smtp.qq.com] + ... [${SPORT}:邮箱服务器,写法如:25] + ... [${SUSER}:登入名,如:zhangsan@qq.com] + ... [${PWD}:登入密码,不同类型的邮箱登入密码需求不一样,具体看EmailLogin关键字对于密码的要求] + ... [${SUBJ}:主题,如:111111] + ... [${FROM} :发送者,例如:zhangsan@qq.com] + ... [ ${to} :接收者,可以写多个,写法例如:["lisi@qq.com","wangwu@163.com"] ,若写单个接收者["lisi@qq.com"] ] + ... [${cc}:抄送者。可以写多个,写法同${to}] + ... [${bcc}:密送者。可以写多个,写法同${to}] + ... [${Sbody}:邮件正文,写法如:1234teacher] + ... [${attach}:附件文本,可以写多个,注意本地是否有这些文件。写法如:["1.txt","E://abc.txt"]] + ... [关键字返回值:发送成功会返回{},空的内容] + [Tags] function email send + Prepare Connection ${SURL} ${SPORT} ${SUSER} ${PWD} + ${send_result} Send Message With All Parameters ${SURL} ${SUSER} ${PWD} ${SUBJ} ${FROM} ${to} ${cc} ${bcc} ${Sbody} ${attach} + Comment Send Message + Close Connection + [Return] ${send_result} # 返回发送邮件结果 diff --git a/03-Variable/ApplicationID.txt b/03-Variable/ApplicationID.txt index ecac89b..f9c0249 100644 --- a/03-Variable/ApplicationID.txt +++ b/03-Variable/ApplicationID.txt @@ -7,14 +7,14 @@ ${UNKNOWN_TCP_ID} 18 ${UNKNOWN_UDP_ID} 19 ${UNKNOWN_OTHER_ID} 20 -${DNS_ID} 21 -${FTP_ID} 22 +${DNS_ID} 75167 +${FTP_ID} 75479 ${FTPS_ID} 23 -${HTTP_ID} 24 +${HTTP_ID} 75744 ${HTTPS_ID} 25 ${ICMP_ID} 26 ${IKE_ID} 27 -${MAIL_ID} 28 +${MAIL_ID} 77950 ${IMAPS_ID} 29 ${IPSEC_ID} 30 ${XMPP_ID} 31 @@ -22,13 +22,13 @@ ${L2TP_ID} 32 ${NTP_ID} 33 ${POP3S_ID} 35 ${PPTP_ID} 36 -${QUIC_ID} 37 -${SIP_ID} 38 +${QUIC_ID} 76793 +${SIP_ID} 77048 ${SMB_ID} 39 ${SMTPS_ID} 41 ${SPDY_ID} 42 ${SSH_ID} 43 -${SSL_ID} 44 +${SSL_ID} 77159 ${SOCKS_ID} 45 ${TELNET_ID} 46 ${DHCP_ID} 47 diff --git a/Api_allowlog (2).html b/Api_allowlog (2).html new file mode 100644 index 0000000..b0854cb --- /dev/null +++ b/Api_allowlog (2).html @@ -0,0 +1,2161 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Opening Robot Framework log failed

+ +
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + +