完善ssl自动化测试用例
This commit is contained in:
姬巍川
@@ -14,7 +14,7 @@ ${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-SSL-00001
|
||||
[Tags] Selfserver Ip Deny Ssl
|
||||
[Tags] selfserver ip deny ssl
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
@@ -39,17 +39,17 @@ SecurityPolicy-Deny-SSL-00001
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00002
|
||||
[Tags] Selfserver Ssl Deny Sni Ip+Fqdn右匹配
|
||||
[Tags] selfserver ssl deny sni ip+fqdn右匹配
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
@@ -57,7 +57,7 @@ SecurityPolicy-Deny-SSL-00002
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Operation timed out after
|
||||
... ELSE Create List Connection reset by peer
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
@@ -68,17 +68,75 @@ SecurityPolicy-Deny-SSL-00002
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00003
|
||||
[Tags] Selfserver Deny Sni Ssl Ip+Cat完整匹配
|
||||
[Tags] selfserver deny ssl sni ip+Cat完整匹配
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00004
|
||||
[Tags] selfserver ssl deny ip+fqdn右匹配 cn
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Operation timed out after
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00005
|
||||
[Tags] deny selfserver cn ssl ip+cat完整匹配
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
@@ -96,76 +154,18 @@ SecurityPolicy-Deny-SSL-00003
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00004
|
||||
[Tags] Selfserver Ssl Deny Ip+Fqdn右匹配 Cn
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00005
|
||||
[Tags] Selfserver Deny Cn Ssl Ip+Cat完整匹配
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId}
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00006
|
||||
[Tags] Selfserver Ssl Deny Ip+Fqdn右匹配 San
|
||||
[Tags] selfserver ssl deny san ip+fqdn右匹配
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
@@ -173,7 +173,7 @@ SecurityPolicy-Deny-SSL-00006
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
... ELSE Create List Operation timed out after
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
@@ -184,17 +184,17 @@ SecurityPolicy-Deny-SSL-00006
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00007
|
||||
[Tags] Selfserver Deny San Ssl Ip+Cat完整匹配
|
||||
[Tags] selfserver deny san ssl ip+cat完整匹配
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
@@ -202,6 +202,79 @@ SecurityPolicy-Deny-SSL-00007
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Operation timed out after
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00008
|
||||
[Tags] selfserver deny ssl 最大组合 ip+cat+fqdn
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
|
||||
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_cat_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${object_fqdn_Id}|TSG_FIELD_SSL_SAN,${object_fqdn_Id}|TSG_FIELD_SSL_SNI,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Operation timed out after
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
Comment 修改策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${object_cat_Id}|TSG_FIELD_SSL_SAN,${object_cat_Id}|TSG_FIELD_SSL_SNI,${object_cat_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3 policyId=${policyId}
|
||||
${rescode} ${policyId} EditPolicy ${policyDict} update
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Operation timed out after
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
SecurityPolicy-Deny-SSL-00009
|
||||
[Tags] selfserver ssl deny san 多ip+fqdn右匹配
|
||||
Comment 创建第二个源IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.18|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_SOURCE_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
|
||||
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Reference in New Issue
Block a user