提交安全策略和代理策略全流程用例
This commit is contained in:
lyf
@@ -40,12 +40,11 @@ SecurityPolicy-Allow-DNS-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "103"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "32"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -73,6 +72,6 @@ SecurityPolicy-Allow-DNS-00001
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname www.facebook.com
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library Selenium2Library
|
||||
Library Selenium2Library
|
||||
Library Custometest
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
@@ -12,7 +13,7 @@ Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
@@ -40,12 +41,11 @@ SecurityPolicy-Allow-FTP-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -65,12 +65,12 @@ SecurityPolicy-Allow-FTP-00001
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/wlcsy.txt -u ftpuser:111111 中文文件内容
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
|
||||
... ELSE should contain ${FTP} Fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_success
|
||||
... ELSE should contain ${FTP} success
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -39,19 +39,19 @@ SecurityPolicy-Allow-Http-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds} ${objectid_verify}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
@@ -103,13 +103,13 @@ SecurityPolicy-Allow-Http-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "www.66rpg.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.66rpg.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -149,7 +149,7 @@ SecurityPolicy-Allow-Http-00003
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=clintonairport.com/airlines-flights/covid/ isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
@@ -167,13 +167,13 @@ SecurityPolicy-Allow-Http-00003
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -193,8 +193,8 @@ SecurityPolicy-Allow-Http-00003
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Allow_HTTP_00001_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List COVID
|
||||
... ELSE Create List COVID
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List clintonairport.com
|
||||
... ELSE Create List clintonairport.com
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
@@ -220,7 +220,7 @@ SecurityPolicy-Allow-Http-00004
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=$clintonairport.com/airlines-flights/covid/ isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=clintonairport.com/airlines-flights/covid/ isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
@@ -238,14 +238,14 @@ SecurityPolicy-Allow-Http-00004
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "clintonairport.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com/airlines-flights/covid/"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "clintonairport.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
|
||||
@@ -13,11 +13,13 @@ Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
|
||||
SecurityPolicy-Allow-MAIL-00001
|
||||
[Tags] Allow IP MAIL
|
||||
Comment 创建IP
|
||||
@@ -40,12 +42,11 @@ SecurityPolicy-Allow-MAIL-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "110"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "8004"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -76,12 +77,12 @@ SecurityPolicy-Allow-MAIL-00001
|
||||
${邮件正文} Set Variable Простопорно
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} success
|
||||
... ELSE should contain ${发送邮件返回结果} success
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account mail_from_cmd
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -40,12 +40,11 @@ SecurityPolicy-Allow-QUCI-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "119"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "2521"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
|
||||
@@ -46,13 +46,13 @@ SecurityPolicy-Allow-SSL-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.facebook.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.facebook.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -107,12 +107,12 @@ SecurityPolicy-Allow-SSL-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -139,6 +139,6 @@ SecurityPolicy-Allow-SSL-00002
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.facebook.com
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni ssl_cn
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -38,7 +38,7 @@ SecurityPolicy-Allow-SIP-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
@@ -67,7 +67,7 @@ SecurityPolicy-Allow-SIP-00001
|
||||
# ${s} Convert to String ${policyIds}
|
||||
# ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
# Should Be Equal As Strings ${returnvalue} true
|
||||
SecurityPolicy-Allow-FTP-00002
|
||||
SecurityPolicy-Allow-SIP-00002
|
||||
[Tags] Allow IP SIP Originator Description Responder Description
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
@@ -92,8 +92,8 @@ SecurityPolicy-Allow-FTP-00002
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID}
|
||||
Comment 创建Allow策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
@@ -104,9 +104,9 @@ SecurityPolicy-Allow-FTP-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"}
|
||||
${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${originator} Create Dictionary attributeType=string attributeName=originator appId=182 appName=SIP attributeValue={"string": "test1"}
|
||||
${responder} Create Dictionary attributeType=string attributeName=responder appId=182 appName=SIP attributeValue={"string": "test2"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
|
||||
@@ -40,12 +40,12 @@ SecurityPolicy-Deny-DNS-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"103" }
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" }
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -73,7 +73,7 @@ SecurityPolicy-Deny-DNS-00001
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname facebook.com
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS
|
||||
|
||||
SecurityPolicy-Deny-DNS-00002
|
||||
[Tags] Deny IP DNS QNAME
|
||||
@@ -105,13 +105,13 @@ SecurityPolicy-Deny-DNS-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=103 appName=dns protocol=dns attributeValue={"string": "www.arctictrucks.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"103" }
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "www.arctictrucks.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" }
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -171,13 +171,13 @@ SecurityPolicy-Deny-DNS-00003
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=103 appName=dns protocol=dns attributeValue={"string": "aec188.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"103" }
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "aec188.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" }
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library OperatingSystem
|
||||
Library Custometest
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
@@ -11,7 +12,7 @@ Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -38,7 +39,7 @@ SecurityPolicy-Deny-FTP-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
@@ -69,7 +70,7 @@ SecurityPolicy-Deny-FTP-00001
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
SecurityPolicy-Deny-FTP-00002
|
||||
[Tags] Deny IP FTP Account URI Content
|
||||
@@ -82,7 +83,7 @@ SecurityPolicy-Deny-FTP-00002
|
||||
|
||||
|
||||
Comment 创建Account
|
||||
${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
@@ -115,10 +116,10 @@ SecurityPolicy-Deny-FTP-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
@@ -163,7 +164,7 @@ SecurityPolicy-Deny-FTP-00003
|
||||
|
||||
|
||||
Comment 创建Account
|
||||
${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
@@ -182,8 +183,8 @@ SecurityPolicy-Deny-FTP-00003
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
@@ -246,8 +247,8 @@ SecurityPolicy-Deny-FTP-00004
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
@@ -295,12 +296,12 @@ SecurityPolicy-Deny-FTP-00005
|
||||
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_CONTENT isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
@@ -311,8 +312,8 @@ SecurityPolicy-Deny-FTP-00005
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
|
||||
@@ -39,12 +39,12 @@ SecurityPolicy-Deny-HTTP-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -72,7 +72,7 @@ SecurityPolicy-Deny-HTTP-00001
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.lkong.net
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host HTTP
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-HTTP-00002
|
||||
@@ -103,13 +103,13 @@ SecurityPolicy-Deny-HTTP-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "bellaircraftmuseum.org"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "bellaircraftmuseum.org"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -152,8 +152,8 @@ SecurityPolicy-Deny-HTTP-00003
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=*/news/ isHexbin=${0}
|
||||
${addItemList2} Create Dictionary keywordArray=$www.icbc.com.cn/ isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=news isHexbin=${0}
|
||||
${addItemList2} Create Dictionary keywordArray=www.icbc.com.cn isHexbin=${0}
|
||||
${addItemList3} Create Dictionary keywordArray=www.gotohoroscope* isHexbin=${0}
|
||||
${addItemList4} Create Dictionary keywordArray=indexv isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} ${addItemList4}
|
||||
@@ -178,13 +178,13 @@ SecurityPolicy-Deny-HTTP-00003
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "www.icbc.com.cn/"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.icbc.com.cn/"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -267,13 +267,13 @@ SecurityPolicy-Deny-HTTP-00004
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${req_hdr_ua}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -332,13 +332,13 @@ SecurityPolicy-Deny-HTTP-00005
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "utf-8aabnna","district": "Content-Type"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "utf-8","district": "Content-Type"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_hdr_ct}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -396,13 +396,13 @@ SecurityPolicy-Deny-HTTP-00006
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "ipp_uid2","district": "Cookie"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "ipp_uid2","district": "Cookie"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${req_hdr_ck}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -442,14 +442,14 @@ SecurityPolicy-Deny-HTTP-00007
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment Set-Cookie
|
||||
${addItemList1} Create Dictionary keywordArray=CURRENT_CITY_CODE* isHexbin=${0} district=Set-Cookie
|
||||
${addItemList1} Create Dictionary keywordArray=ASP.NET isHexbin=${0} district=Set-Cookie
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP","method":"drop"} filterList=${objectId}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
@@ -460,13 +460,13 @@ SecurityPolicy-Deny-HTTP-00007
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "CURRENT_CITY_CODE","district": "Set-Cookie"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "ASP.NET","district": "Set-Cookie"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_hdr_sc}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -484,8 +484,8 @@ SecurityPolicy-Deny-HTTP-00007
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00013.bat
|
||||
... ELSE set variable curl --connect-timeout 5 -m 10 www.ziroom.com/life/index -o /dev/null
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00013_1.bat
|
||||
... ELSE set variable curl --connect-timeout 5 -m 10 blog.cnstock.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 000
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
@@ -494,7 +494,7 @@ SecurityPolicy-Deny-HTTP-00007
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.ziroom.com
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host blog.cnstock.com
|
||||
|
||||
SecurityPolicy-Deny-HTTP-00008
|
||||
[Tags] Deny IP HTTP Request Content
|
||||
@@ -524,13 +524,13 @@ SecurityPolicy-Deny-HTTP-00008
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${req_body} Create Dictionary attributeType=string attributeName=req_body appId=106 appName=http protocol=http attributeValue={"string": "testDenyHttp0014"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testDenyHttp0014"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_body}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -550,8 +550,8 @@ SecurityPolicy-Deny-HTTP-00008
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00014.bat
|
||||
... ELSE set variable curl -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"testDenyHttp0014","setcook":"12345678","contenttype": "content-type","responsebody": "testDenyHttp0014"}" http://open.node.com:180/go
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List after
|
||||
... ELSE Create List after
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
@@ -588,13 +588,13 @@ SecurityPolicy-Deny-HTTP-00009
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${res_body} Create Dictionary attributeType=string attributeName=res_body appId=106 appName=http protocol=http attributeValue={"string": "华彤公司"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "华彤公司"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${res_body}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -680,17 +680,17 @@ SecurityPolicy-Deny-HTTP-00010
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "open.node.com"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "open.node.com/"}
|
||||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"}
|
||||
${req_body} Create Dictionary attributeType=string attributeName=req_body appId=106 appName=http protocol=http attributeValue={"string": "testDenyHttp0016"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com/"}
|
||||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"}
|
||||
${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testDenyHttp0016"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -737,7 +737,7 @@ SecurityPolicy-Deny-HTTP-00011
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=*send-free-sms.aspx isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=send-free-sms.aspx isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
@@ -776,17 +776,17 @@ SecurityPolicy-Deny-HTTP-00011
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${fqdn} Create Dictionary attributeType=string attributeName=host appId=106 appName=http protocol=http attributeValue={"string": "smspunch.net"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=106 appName=http protocol=http attributeValue={"string": "smspunch.net/send-free-sms.aspx"}
|
||||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=106 appName=http protocol=http attributeValue={"string": "_ym_isad=2","district": "Cookie"}
|
||||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=106 appName=http protocol=http attributeValue={"string": "NET_SessionId","district": "Set-Cookie"}
|
||||
${res_body} Create Dictionary attributeType=string attributeName=res_body appId=106 appName=http protocol=http attributeValue={"string": "Cell No"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "106"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net/send-free-sms.aspx"}
|
||||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "_ym_isad=2","district": "Cookie"}
|
||||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "NET_SessionId","district": "Set-Cookie"}
|
||||
${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "Cell No"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url} ${req_hdr_ck} ${res_hdr_sc} ${res_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
|
||||
@@ -12,6 +12,7 @@ Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
@@ -82,18 +83,18 @@ SecurityPolicy-Deny-Mail-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${subject_id} Create Dictionary attributeType=string attributeName=subject appId=110 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"}
|
||||
${content_id} Create Dictionary attributeType=string attributeName=content appId=110 appName=mail protocol=mail attributeValue={"string": "good"}
|
||||
${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=110 appName=mail protocol=mail attributeValue={"string": "Простопорно"}
|
||||
${account_id} Create Dictionary attributeType=string attributeName=account appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${from_id} Create Dictionary attributeType=string attributeName=from appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${to_id} Create Dictionary attributeType=string attributeName=to appId=110 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"}
|
||||
${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"}
|
||||
${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"}
|
||||
${account_id} Create Dictionary attributeType=string attributeName=account appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${account_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${account_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -125,7 +126,7 @@ SecurityPolicy-Deny-Mail-00001
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -198,18 +199,18 @@ SecurityPolicy-Deny-Mail-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${subject_id} Create Dictionary attributeType=string attributeName=subject appId=110 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"}
|
||||
${content_id} Create Dictionary attributeType=string attributeName=content appId=110 appName=mail protocol=mail attributeValue={"string": "good"}
|
||||
${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=110 appName=mail protocol=mail attributeValue={"string": "Простопорно"}
|
||||
${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=110 appName=mail protocol=mail attributeValue={"string": "测试文件"}
|
||||
${from_id} Create Dictionary attributeType=string attributeName=from appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${to_id} Create Dictionary attributeType=string attributeName=to appId=110 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"}
|
||||
${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"}
|
||||
${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"}
|
||||
${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=8004 appName=mail protocol=mail attributeValue={"string": "测试文件"}
|
||||
${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${att_name_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id} ${content_id} ${att_content_id} ${from_id} ${to_id} ${att_name_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -241,7 +242,7 @@ SecurityPolicy-Deny-Mail-00002
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -279,13 +280,13 @@ SecurityPolicy-Deny-Mail-00003
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${subject_id} Create Dictionary attributeType=string attributeName=subject appId=110 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${subject_id} Create Dictionary attributeType=string attributeName=subject appId=8004 appName=mail protocol=mail attributeValue={"string": "人生路远及时行乐"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${subject_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${subject_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -317,7 +318,7 @@ SecurityPolicy-Deny-Mail-00003
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -355,13 +356,13 @@ SecurityPolicy-Deny-Mail-00004
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${content_id} Create Dictionary attributeType=string attributeName=content appId=110 appName=mail protocol=mail attributeValue={"string": "good"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${content_id} Create Dictionary attributeType=string attributeName=content appId=8004 appName=mail protocol=mail attributeValue={"string": "good"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${content_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${content_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -393,7 +394,7 @@ SecurityPolicy-Deny-Mail-00004
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -411,7 +412,7 @@ SecurityPolicy-Deny-Mail-00005
|
||||
|
||||
|
||||
Comment 创建ATT_NAME
|
||||
${addItemList1} Create Dictionary keywordArray=测试文件 isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=.txt isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
@@ -430,13 +431,13 @@ SecurityPolicy-Deny-Mail-00005
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=110 appName=mail protocol=mail attributeValue={"string": "测试文件"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${att_name_id} Create Dictionary attributeType=string attributeName=att_name appId=8004 appName=mail protocol=mail attributeValue={"string": "测试文件.txt"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_name_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${att_name_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -468,14 +469,14 @@ SecurityPolicy-Deny-Mail-00005
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy}
|
||||
|
||||
|
||||
|
||||
SecurityPolicy-Deny-Mail-00006
|
||||
[Tags] Deny IP MAIL ATT_CONT
|
||||
@@ -506,13 +507,13 @@ SecurityPolicy-Deny-Mail-00006
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=110 appName=mail protocol=mail attributeValue={"string": "Простопорно"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=8004 appName=mail protocol=mail attributeValue={"string": "Простопорно"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${att_content_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -544,7 +545,7 @@ SecurityPolicy-Deny-Mail-00006
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -582,13 +583,13 @@ SecurityPolicy-Deny-Mail-00007
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${from_id} Create Dictionary attributeType=string attributeName=from appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${from_id} Create Dictionary attributeType=string attributeName=from appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${from_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${from_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -620,7 +621,7 @@ SecurityPolicy-Deny-Mail-00007
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -657,13 +658,13 @@ SecurityPolicy-Deny-Mail-00008
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${to_id} Create Dictionary attributeType=string attributeName=to appId=110 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${to_id} Create Dictionary attributeType=string attributeName=to appId=8004 appName=mail protocol=mail attributeValue={"string": "l1157517579@163.com"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${to_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${to_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -695,7 +696,7 @@ SecurityPolicy-Deny-Mail-00008
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -732,13 +733,13 @@ SecurityPolicy-Deny-Mail-00009
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${account_id} Create Dictionary attributeType=string attributeName=account appId=110 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${account_id} Create Dictionary attributeType=string attributeName=account appId=8004 appName=mail protocol=mail attributeValue={"string": "dxy135222@163.com"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account_id}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${account_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -770,7 +771,7 @@ SecurityPolicy-Deny-Mail-00009
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
@@ -779,70 +780,70 @@ SecurityPolicy-Deny-Mail-00009
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy}
|
||||
|
||||
|
||||
SecurityPolicy-Deny-Mail-00010
|
||||
[Tags] Deny IP MAIL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
# SecurityPolicy-Deny-Mail-00010
|
||||
# [Tags] Deny IP MAIL
|
||||
# Comment 创建IP
|
||||
# ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
# ${addItemLists} Create list ${addItemList1}
|
||||
# ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
# ${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
# ${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL","method":"rst"} isValid=${1} appIdObjects=${MAIL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
# Comment 创建Deny策略
|
||||
# ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"MAIL","method":"rst"} isValid=${1} appIdObjects=${MAIL_ID}
|
||||
# ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
# ${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
# ${starttime} Get Time
|
||||
# #功能端验证
|
||||
# Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "110"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
# Comment 策略验证
|
||||
# #新增策略验证
|
||||
# #创建attributes中的字典
|
||||
|
||||
# ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
# ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "8004"}
|
||||
# # 合成attributes字典集
|
||||
# ${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
# ${verifySession} Create Dictionary attributes=${attributes}
|
||||
# ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
# log ${verifyList}
|
||||
# ${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# # 打印检查结果
|
||||
# ${objectid_verify} Set Variable ${objectids}
|
||||
# ${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
# log ${objectid_verify}
|
||||
# ${testType} Evaluate type($objectid_verify)
|
||||
# ${testType} Evaluate type($resData)
|
||||
# log ${resData}
|
||||
# sleep 5
|
||||
# ${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
# Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证
|
||||
${Smtp服务器} Set Variable Smtp.163.com
|
||||
${Smtp服务器端口} Set Variable 25
|
||||
${邮箱账号} Set Variable ${mailAccount163Dxy}
|
||||
${邮箱密码} Set Variable ${mailPasswordDxy}
|
||||
${邮件主题} Set Variable 人生路远及时行乐
|
||||
${发送者} Set Variable ${mailAccount163Dxy}
|
||||
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
|
||||
${接收者} Set Variable ["${mailAccount163Lyf}"]
|
||||
${抄送者} Set Variable ["${mailAccount163Lyf}"]
|
||||
${密送者} Set Variable ["${mailAccount163Lyf}"]
|
||||
${邮件正文} Set Variable good
|
||||
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
Log ${发送邮件返回结果}
|
||||
run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} mail_fail
|
||||
... ELSE should contain ${发送邮件返回结果} fail
|
||||
# Comment 功能端验证
|
||||
# ${Smtp服务器} Set Variable Smtp.163.com
|
||||
# ${Smtp服务器端口} Set Variable 25
|
||||
# ${邮箱账号} Set Variable ${mailAccount163Dxy}
|
||||
# ${邮箱密码} Set Variable ${mailPasswordDxy}
|
||||
# ${邮件主题} Set Variable 人生路远及时行乐
|
||||
# ${发送者} Set Variable ${mailAccount163Dxy}
|
||||
# ${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
|
||||
# ${接收者} Set Variable ["${mailAccount163Lyf}"]
|
||||
# ${抄送者} Set Variable ["${mailAccount163Lyf}"]
|
||||
# ${密送者} Set Variable ["${mailAccount163Lyf}"]
|
||||
# ${邮件正文} Set Variable good
|
||||
# ${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
|
||||
# Log ${发送邮件返回结果}
|
||||
# run keyword if '${systemType}'=='Windows' should contain ${发送邮件返回结果} fail
|
||||
# ... ELSE should contain ${发送邮件返回结果} fail
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account ${mailAccount163Dxy}
|
||||
# Comment 日志验证
|
||||
# #日志验证
|
||||
# ${s} Convert to String ${policyIds}
|
||||
# ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} mail_account mail_from_cmd
|
||||
|
||||
@@ -40,12 +40,12 @@ SecurityPolicy-Deny-QUCI-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "119"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "2521"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
|
||||
@@ -60,15 +60,15 @@ SecurityPolicy-Deny-SSL-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} ${cn} ${san}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${cn} ${san}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -127,13 +127,13 @@ SecurityPolicy-Deny-SSL-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -193,13 +193,13 @@ SecurityPolicy-Deny-SSL-00003
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${cn}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${cn}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -240,7 +240,7 @@ SecurityPolicy-Deny-SSL-00004
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SAN
|
||||
${addItemList1} Create Dictionary keywordArray=*austinama.org isHexbin=${0}
|
||||
${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
@@ -258,13 +258,13 @@ SecurityPolicy-Deny-SSL-00004
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "austinama.org"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${san}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${san}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -283,17 +283,18 @@ SecurityPolicy-Deny-SSL-00004
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
|
||||
SecurityPolicy-Deny-SSL-00005
|
||||
[Tags] Deny IP SSL
|
||||
@@ -317,12 +318,12 @@ SecurityPolicy-Deny-SSL-00005
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
@@ -350,5 +351,5 @@ SecurityPolicy-Deny-SSL-00005
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
@@ -38,7 +38,7 @@ SecurityPolicy-Deny-SIP-00001
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
@@ -104,9 +104,9 @@ SecurityPolicy-Deny-FTP-00002
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"}
|
||||
${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${originator} Create Dictionary attributeType=string attributeName=originator appId=182 appName=SIP attributeValue={"string": "test1"}
|
||||
${responder} Create Dictionary attributeType=string attributeName=responder appId=182 appName=SIP attributeValue={"string": "test2"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "182"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,102 +1,143 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Security_Policy
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Intesept-Http-00001
|
||||
[Tags] Intercept http ip+fqdn
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_wenming", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_wenming", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.wenming.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_FQDN_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://www.wenming.cn
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run ${commandstr}
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain wenming.cn
|
||||
|
||||
SecurityPolicy-Intesept-Http-00002
|
||||
[Tags] Intercept http SUB+CAT
|
||||
# #创建对象SUB ID
|
||||
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
# log ${object_SUB_Id}
|
||||
# #删除对象
|
||||
# ${objectids} set Variable ${object_SUB_Id}
|
||||
#创建cat
|
||||
${rescode} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_newsgd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_newsgd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*newsgd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]}, \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://www.newsgd.com
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run ${commandstr}
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.newsgd.com
|
||||
|
||||
SecurityPolicy-Intesept-Http-00003
|
||||
[Tags] Intercept http ip+fqdn
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_pl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_pl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$poplar.ru" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_FQDN_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://poplar.ru/
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run ${commandstr}
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain poplar.ru
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Intesept-Http-00001
|
||||
[Tags] Intercept http ip+fqdn
|
||||
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=$www.yumi.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Intercept策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.yumi.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_HTTP_00001.bat
|
||||
... ELSE set variable curl http://www.yumi.com/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 玉米
|
||||
... ELSE Create List 玉米
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.yumi.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Intesept-Http-00002
|
||||
[Tags] Intercept http
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Intercept策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_HTTP_00001.bat
|
||||
... ELSE set variable curl http://www.yumi.com/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 玉米
|
||||
... ELSE Create List 玉米
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host HTTP
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -1,393 +1,144 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Security_Policy
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Intesept-Https-00001
|
||||
[Tags] Intercept https ip+fqdn
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.youtube.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_FQDN_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL001.bat
|
||||
... ELSE set variable curl -kv https://www.youtube.com
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.youtube.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00002
|
||||
[Tags] Intercept https SUB+CAT
|
||||
# #创建对象SUB ID
|
||||
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
# log ${object_SUB_Id}
|
||||
# #删除对象
|
||||
# ${objectids} set Variable ${object_SUB_Id}
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_facebook", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_facebook", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*facebook.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[null]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL002.bat
|
||||
... ELSE set Variable curl -kv https://www.facebook.com
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.facebook.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00003
|
||||
[Tags] Intercept https Fail-close
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject \ { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_Fail-close", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_Fail-close", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$client.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$expired.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } ,{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$self-signed.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$untrusted-root.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$wrong.host.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }\ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
|
||||
... ELSE set variable curl -kv https://client.badssl.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00004
|
||||
[Tags] Intercept https Pass-through
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject \ { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_Pass-through", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_Pass-through", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$client.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$expired.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } ,{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$self-signed.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$untrusted-root.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$wrong.host.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }\ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
|
||||
... ELSE set variable curl -kv https://self-signed.badssl.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00005
|
||||
[Tags] Intercept https EV
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_EV_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_EV_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*myssl.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
|
||||
... ELSE set variable curl -kv https://www.myssl.cn/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn
|
||||
|
||||
SecurityPolicy-Intesept-Https-00006
|
||||
[Tags] Intercept https CT
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_CT_vip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_CT_vip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
|
||||
... ELSE set variable curl -kv https://www.vip.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00007
|
||||
[Tags] Intercept https MA
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_MA_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_MA_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*myssl.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
|
||||
... ELSE set variable curl -kv https://www.myssl.cn/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn
|
||||
|
||||
SecurityPolicy-Intesept-Https-00008
|
||||
[Tags] Intercept https SSL3.0
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_ssl3.0_360", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_ssl3.0_360", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*360.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008.bat
|
||||
... ELSE set variable curl -kv https://360.cn/
|
||||
${stringlist} Create List ssl3_read_bytes
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni 360.cn
|
||||
|
||||
SecurityPolicy-Intesept-Https-00009
|
||||
[Tags] Intercept https TSL1.0
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.0_mi", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.0_mi", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.mi.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat
|
||||
... ELSE set variable curl -kv https://www.mi.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.mi.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00010
|
||||
[Tags] Intercept https TSL1.1
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.1_vip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.1_vip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
|
||||
... ELSE set variable curl -kv https://www.vip.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00011
|
||||
[Tags] Intercept https TSL1.2
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.2_taobao", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.2_taobao", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*taobao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat
|
||||
... ELSE set variable curl -kv https://www.taobao.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.taobao.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00012
|
||||
[Tags] Intercept https TSL1.3
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.3_halfrost", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.3_halfrost", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*halfrost.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL012.bat
|
||||
... ELSE set variable curl -kv https://halfrost.com/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni halfrost.com
|
||||
|
||||
SecurityPolicy-Intesept-Https-00013
|
||||
[Tags] Intercept https ip+fqdn
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.olx.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_FQDN_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_FQDN_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL013.bat
|
||||
... ELSE set variable curl -kv https://www.olx.kz/uslugi/
|
||||
${stringlist} Create List Tango Secure Gateway CA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.olx.kz
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Intesept-Https-00001
|
||||
[Tags] Intercept https ip+sni
|
||||
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=$www.reviewpro.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Intercept策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "www.reviewpro.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_SSL_00001.bat
|
||||
... ELSE set variable curl -kv https://www.reviewpro.com/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List reviewpro Tango Secure Gateway CA
|
||||
... ELSE Create List reviewpro Tango Secure Gateway CA
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.reviewpro.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Intesept-Https-00002
|
||||
[Tags] Intercept https
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Intercept策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Intercept_SSL_00002.bat
|
||||
... ELSE set variable curl -kv https://fenopy.se/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Fenopy Tango Secure Gateway CA
|
||||
... ELSE Create List Fenopy Tango Secure Gateway CA
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
@@ -1,71 +1,143 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Security_Policy
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-monitor-DNS-00001
|
||||
[Tags] monitor DNS ip+fqdn
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_fqdn_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.wenming.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_fqdn_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]},{"objectId":${testClentID}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[4] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} set variable nslookup -d www.vip.com
|
||||
@{stringlist} set variable canonical name = www.vip.com type = AAAA, class = IN
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommand ${commandstr} @{stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.vip.com
|
||||
|
||||
SecurityPolicy-monitor-DNS-00002
|
||||
[Tags] monitor DNS ip+cat
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.taobao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]},{"objectId":${testClentID}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[4] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} set variable nslookup -d www.taobao.com
|
||||
@{stringlist} set variable canonical name = www.taobao.com type = AAAA
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommand ${commandstr} @{stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#验证日志
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.taobao.com
|
||||
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Monitor-DNS-00001
|
||||
[Tags] Monitor IP DNS
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS"} isValid=${1} appIdObjects=${DNS_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" }
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d twitter.com
|
||||
... ELSE set variable nslookup twitter.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List twitter.com
|
||||
... ELSE Create List twitter.com
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname DNS
|
||||
|
||||
SecurityPolicy-Monitor-DNS-00002
|
||||
[Tags] Monitor IP DNS QNAME
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=*www.youtube.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"DNS"} filterList=${objectId1}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=32 appName=dns protocol=dns attributeValue={"string": "www.youtube.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"32" }
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.youtube.com 8.8.8.8
|
||||
... ELSE set variable nslookup -debug -query=A \ www.youtube.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List www.youtube.com
|
||||
... ELSE Create List www.youtube.com
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} dns_qname www.youtube.com
|
||||
|
||||
@@ -1,96 +1,347 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Security_Policy
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
Library Custometest
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-monitor-FTP-00001
|
||||
[Tags] monitor Sub_Account
|
||||
# #创建对象 Sub
|
||||
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$jwctest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
# log ${object_Sub_Id}
|
||||
# ${objectids} set Variable ${object_Sub_Id}
|
||||
#创建对象 Account
|
||||
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Account_Id}
|
||||
${objectids} set Variable ${object_Account_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP 登录
|
||||
should contain ${FTP} ftp_success
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
|
||||
|
||||
SecurityPolicy-monitor-FTP-00002
|
||||
[Tags] monitor URI_Content
|
||||
#创建对象 URI
|
||||
${rescodeip} ${object_URI_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_FTP_URI","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*771.txt"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_URI_Id}
|
||||
${objectids} set Variable ${object_URI_Id}
|
||||
#创建对象 Content
|
||||
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Content_id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP 下载
|
||||
should contain ${FTP} ftp_success
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt
|
||||
|
||||
SecurityPolicy-monitor-FTP-00003
|
||||
[Tags] monitor Sub_Account
|
||||
#创建对象 Account
|
||||
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Account_Id}
|
||||
${objectids} set Variable ${object_Account_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP 登录
|
||||
should contain ${FTP} ftp_success
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
|
||||
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library Custometest
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Monitor-FTP-00001
|
||||
[Tags] Monitor IP FTP
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} success
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} success
|
||||
... ELSE should contain ${FTP} success
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
SecurityPolicy-Monitor-FTP-00002
|
||||
[Tags] Monitor IP FTP Account URI Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Account
|
||||
${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建URI
|
||||
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建Content
|
||||
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${Content} ${Account}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} success
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} success
|
||||
... ELSE should contain ${FTP} success
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-FTP-00003
|
||||
[Tags] Monitor IP FTP Account
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Account
|
||||
${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Account}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} success
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} success
|
||||
... ELSE should contain ${FTP} success
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
|
||||
|
||||
SecurityPolicy-Monitor-FTP-00004
|
||||
[Tags] Monitor IP FTP URI
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建URI
|
||||
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} success
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} success
|
||||
... ELSE should contain ${FTP} success
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-FTP-00005
|
||||
[Tags] Monitor IP FTP Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Content
|
||||
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP"} filterList=${objectId3}|TSG_FIELD_FTP_CONTENT isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Content}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} success
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} success
|
||||
... ELSE should contain ${FTP} success
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -1,103 +1,809 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Security_Policy
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-monitor-Http-00001
|
||||
[Tags] monitor http ip+cat+User-Agent+Content-Type+url
|
||||
#创建cat
|
||||
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_zm", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_zm", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ziroom.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_cat_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
#创建url
|
||||
${rescode} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zm", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zm", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ziroom" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_url_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建请求头
|
||||
${rescode} ${object_User_Agent_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_User_Agent_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_User_Agent_Id}
|
||||
#创建应答头
|
||||
${rescode} ${object_Content-Type_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_Content-Type_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content-Type_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
#${commandstr} set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk
|
||||
... ELSE set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ziroom.com/life/index
|
||||
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} OperatingSystem.Run ${commandstr}
|
||||
should contain ${commandreturn} 全屋智能美家
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.ziroom.com
|
||||
|
||||
SecurityPolicy-monitor-Http-00002
|
||||
[Tags] monitor http SUB+cat+set-cookie+url
|
||||
#创建fqdn
|
||||
${rescodeip} ${object_fqdn_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ziroom", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ziroom", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_fqdn_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
#创建url
|
||||
${rescode} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu*" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
log ${object_url_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
|
||||
#创建请求头
|
||||
${rescode} ${object_sk_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_sk","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_sk_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_sk_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_SUB_Id}, \ \ \ \ \ \ \ \ "protocolFields":[]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[null]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } \
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
#${commandstr} set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk
|
||||
... ELSE set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${commandreturn} SystemCommand ${commandstr}
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.xiaozhu.com
|
||||
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
${url1} /v1/policy/profile/responsepages
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Monitor-HTTP-00001
|
||||
[Tags] Monitor IP HTTP
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Fitzhugh Media
|
||||
... ELSE Create List Fitzhugh Media
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host HTTP
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00002
|
||||
[Tags] Monitor IP HTTP FQDN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=*fitzhughmedia.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "fitzhughmedia.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00002_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Fitzhugh Media
|
||||
... ELSE Create List Fitzhugh Media
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host fitzhughmedia.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00003
|
||||
[Tags] Monitor IP HTTP URL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=portal/zh_CN/home/index.html isHexbin=${0}
|
||||
${addItemList2} Create Dictionary keywordArray=www.nuk-baby.ru* isHexbin=${0}
|
||||
${addItemList3} Create Dictionary keywordArray=davidsmithhunting.com isHexbin=${0}
|
||||
${addItemList4} Create Dictionary keywordArray=crosswordheaven isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1} ${addItemList2} ${addItemList3} ${addItemList4}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=Monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.hkbchina.com/portal/zh_CN/home/index.html"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003.bat
|
||||
... ELSE set variable curl http://www.hkbchina.com/portal/zh_CN/home/index.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 汉口银行
|
||||
... ELSE Create List 汉口银行
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003_1.bat
|
||||
... ELSE set variable curl http://www.nuk-baby.ru/ru_ru/kollekcii/disney-mickey-mouse.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Поиск
|
||||
... ELSE Create List Поиск
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003_2.bat
|
||||
... ELSE set variable curl http://davidsmithhunting.com/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List David Smith
|
||||
... ELSE Create List David Smith
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00003_3.bat
|
||||
... ELSE set variable curl http://crosswordheaven.com/search
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Search
|
||||
... ELSE Create List Search
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host hkbchina.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host baby.ru
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host davidsmithhunting.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host crosswordheaven.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00004
|
||||
[Tags] Monitor IP HTTP User-Agent
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment User-Agent
|
||||
${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ua}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00004.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00004_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Motivational
|
||||
... ELSE Create List Motivational
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host quotes.info
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00005
|
||||
[Tags] Monitor IP HTTP Content-Type
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment Content-Type
|
||||
${addItemList1} Create Dictionary keywordArray=*html isHexbin=${0} district=Content-Type
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "text/html","district": "Content-Type"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_ct}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_yumi.bat
|
||||
... ELSE set variable curl http://www.yumi.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 服务平台
|
||||
... ELSE Create List 服务平台
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.yumi.com
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00006
|
||||
[Tags] Monitor IP HTTP Cookie
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment Cookie
|
||||
${addItemList1} Create Dictionary keywordArray=wingsofprey isHexbin=${0} district=Cookie
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "wingsofprey","district": "Cookie"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_hdr_ck}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00012.bat
|
||||
... ELSE set variable curl -kv --cookie "*wingsofprey=jkmg7dm2dqjhf4514u0ehjde45; __utma=1.780132397.1593856991.1593856991.1593856991.1; __utmc=1; __utmz=1.1593856991.1.1.utmcsr=lvse.cn" --referer 'http://www.baidu.com/' \ http://www.titter.com/en/games/jack-stone.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Scooby Doo Adventure 3
|
||||
... ELSE Create List Scooby Doo Adventure 3
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.titter.com
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00007
|
||||
[Tags] Monitor IP HTTP Set-Cookie
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment Set-Cookie
|
||||
${addItemList1} Create Dictionary keywordArray=domain=www.spore isHexbin=${0} district=Set-Cookie
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=Monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "domain=www.spore","district": "Set-Cookie"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_hdr_sc}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00013.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00013_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List www.spore.com
|
||||
... ELSE Create List www.spore.com
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host www.spore.com
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00008
|
||||
[Tags] Monitor IP HTTP Request Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment Request Content
|
||||
${addItemList1} Create Dictionary keywordArray=monitortest141 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "monitortest141"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${req_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00014.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Monitor_HTTP_00014_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List monitortest141
|
||||
... ELSE Create List monitortest141
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00009
|
||||
[Tags] Monitor IP HTTP Response Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment Response Content
|
||||
${addItemList1} Create Dictionary keywordArray=华彤公司 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "华彤公司"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${res_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00015.bat
|
||||
... ELSE set variable curl -m 10 -kv http://www.huatonggs.com/about.html#gsjj
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 华彤公司
|
||||
... ELSE Create List 华彤公司
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host huatonggs.com
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00010
|
||||
[Tags] Monitor IP HTTP FQDN URL User-Agent Content-Type Request Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=*open.node.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=open.node isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment User-Agent
|
||||
${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
Comment Content-Type
|
||||
${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId4} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4}
|
||||
|
||||
Comment Request Content
|
||||
${addItemList1} Create Dictionary keywordArray=MonitorHttp0016 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId5} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${qname_fqdn_id} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "open.node.com"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "open.node.com/"}
|
||||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset","district": "Content-Type"}
|
||||
${req_body} Create Dictionary attributeType=string attributeName=req_body appId=67 appName=http protocol=http attributeValue={"string": "testMonitorHttp0016"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${qname_fqdn_id} ${url} ${req_hdr_ua} ${res_hdr_ct} ${req_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00016.bat
|
||||
... ELSE set variable curl -m 10 -kv -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{"requestbody":"MonitorHttp0016","setcook":"asdf","contenttype": "charsetMonitor0016","responsebody": "adzx"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com:180/go
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List MonitorHttp0016
|
||||
... ELSE Create List MonitorHttp0016
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Monitor-HTTP-00011
|
||||
[Tags] Monitor IP HTTP FQDN URL Cookie Set-Cookie Response Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建fqdn
|
||||
${addItemList1} Create Dictionary keywordArray=*smspunch.net isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建url
|
||||
${addItemList1} Create Dictionary keywordArray=*send-free-sms.aspx isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment Cookie
|
||||
${addItemList1} Create Dictionary keywordArray=_ym_isad=2 isHexbin=${0} district=Cookie
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
Comment Set-Cookie
|
||||
${addItemList1} Create Dictionary keywordArray=NET_SessionId isHexbin=${0} district=Set-Cookie
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId4} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4}
|
||||
|
||||
Comment Response Content
|
||||
${addItemList1} Create Dictionary keywordArray=Cell No isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId5} AddObjects ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId5}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR,${objectId5}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appIdObjects=${HTTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net"}
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "smspunch.net/send-free-sms.aspx"}
|
||||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "_ym_isad=2","district": "Cookie"}
|
||||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "NET_SessionId","district": "Set-Cookie"}
|
||||
${res_body} Create Dictionary attributeType=string attributeName=res_body appId=67 appName=http protocol=http attributeValue={"string": "Cell No"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${fqdn} ${url} ${req_hdr_ck} ${res_hdr_sc} ${res_body}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_HTTP_00017.bat
|
||||
... ELSE set variable curl -m 10 -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://smspunch.net/send-free-sms.aspx
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List smspunch.net
|
||||
... ELSE Create List smspunch.net
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} http_host smspunch.net
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,98 +1,356 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc Security_Policy
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-monitor-SSL-00001
|
||||
[Tags] monitor ssl ip+cat
|
||||
#创建SNI_CAT
|
||||
${rescodeip} ${object_sni_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_sni_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_sni_Id}
|
||||
#创建SAN_CAT
|
||||
${rescodeip} ${object_san_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_san_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_san_Id}
|
||||
#创建对象 CN_CAT
|
||||
${rescodeip} ${object_cn_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_cn_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_cn_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_monitor_ssl001.bat
|
||||
... ELSE set variable curl -kv https://www.jd.com
|
||||
@{stringlist} set variable 正品低价 html
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommand ${commandstr} @{stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.jd.com
|
||||
|
||||
SecurityPolicy-monitor-SSL-00002
|
||||
[Tags] monitor ssl SUB+fqdn
|
||||
# #创建对象SUB
|
||||
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } \
|
||||
# log ${object_SUB_Id}
|
||||
# #删除对象
|
||||
# ${objectids} set Variable ${object_SUB_Id}
|
||||
#创建SNI_CAT
|
||||
${rescodeip} ${object_sni_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_sni_Id}
|
||||
#删除对象
|
||||
${objectids} set Variable ${object_sni_Id}
|
||||
#创建SAN_CAT
|
||||
${rescodeip} ${object_san_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_san_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_san_Id}
|
||||
#创建对象 CN_CAT
|
||||
${rescodeip} ${object_cn_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_cn_Id}
|
||||
#删除对象
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_cn_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
|
||||
${rescode} ${policyId} AddPolicy ${addPolicyStr}
|
||||
log ${policyId}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#功能端验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_monitor_ssl002.bat
|
||||
... ELSE set variable curl -kv https://www.yhd.com
|
||||
@{stringlist} set variable 货到付款 text
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommand ${commandstr} @{stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
log ${rescode}
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.yhd.com
|
||||
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library Selenium2Library
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Monitor-SSL-00001
|
||||
[Tags] Monitor IP SSL SNI SAN CN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SNI
|
||||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建CN
|
||||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建SAN
|
||||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId3}|TSG_FIELD_SSL_SAN,${objectId1}|TSG_FIELD_SSL_SNI,${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${cn} ${san}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat
|
||||
... ELSE set variable curl https://www.academia.org/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia
|
||||
... ELSE Create List Accuracy In Academia
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.academia.org
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-SSL-00002
|
||||
[Tags] Monitor IP SSL SNI
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SNI
|
||||
${addItemList1} Create Dictionary keywordArray=*freecountry.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "freecountry.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00001_1.bat
|
||||
... ELSE set variable curl \ https://freecountry.com/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Jackets
|
||||
... ELSE Create List Jackets
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni freecountry.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-SSL-00003
|
||||
[Tags] Monitor IP SSL CN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建CN
|
||||
${addItemList1} Create Dictionary keywordArray=*keysnews.com isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "keysnews.com"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${cn}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00002.bat
|
||||
... ELSE set variable curl https://www.keysnews.com/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List keysnews.com
|
||||
... ELSE Create List keysnews.com
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.keysnews.com
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-SSL-00004
|
||||
[Tags] Monitor IP SSL SAN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SAN
|
||||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId3}|TSG_FIELD_SSL_SAN isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${san}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat
|
||||
... ELSE set variable curl https://www.academia.org/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia
|
||||
... ELSE Create List Accuracy In Academia
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.academia.org
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Monitor-SSL-00005
|
||||
[Tags] Monitor IP SSL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Monitor策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||||
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat
|
||||
... ELSE set variable curl https://www.academia.org/
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia
|
||||
... ELSE Create List Accuracy In Academia
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
Reference in New Issue
Block a user