diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot new file mode 100644 index 0000000..2ce5bbb --- /dev/null +++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot @@ -0,0 +1,648 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags tsg_adc Security_Policy +Library OperatingSystem +Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Deny-Http-00001 + [Tags] ip Selfserver deny HTTP + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat + ... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00002 + [Tags] Selfserver deny HTTP ip+fqdn右匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00003 + [Tags] Selfserver deny HTTP ip+cat完整匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00004 + [Tags] Selfserver deny HTTP ip+url字串匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node.com + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00005 + [Tags] Selfserver deny HTTP ip+url右匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*youtube.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00006 + [Tags] Selfserver deny HTTP ip+url完整匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":403,"message":"123123"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List when not allowed + ... ELSE Create List when not allowed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00007 + [Tags] Selfserver deny HTTP ip+url左匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open* + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00008 + [Tags] Selfserver deny HTTP ip+请求头字串匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent + ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat + ... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00009 + [Tags] Selfserver deny HTTP ip+请求头右匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00009 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat + ... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00010 + [Tags] Selfserver deny HTTP ip+请求头完整匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent + ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00010 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":403,"message":"123123"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat + ... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List when not allowed + ... ELSE Create List when not allowed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00011 + [Tags] Selfserver deny HTTP ip+请求头左匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent + ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00011 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat + ... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00012 + [Tags] Selfserver deny HTTP ip+cookie左匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie + ${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CK_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00012 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat + ... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00013 + [Tags] Selfserver deny HTTP ip+应答头字串匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=utf-8|Content-Type + ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00013 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00014 + [Tags] Selfserver deny HTTP ip+应答头右匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*utf-8|Content-Type + ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00014 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00015 + [Tags] Selfserver deny HTTP ip+应答头完整匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type + ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00015 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00016 + [Tags] Selfserver deny HTTP ip+应答头左匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text*|Content-Type + ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00016 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00017 + [Tags] Selfserver deny HTTP ip+set-cookie字串匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=4567|Set-Cookie + ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00017 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat + ... ELSE set variable curl \ http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00018 + [Tags] Selfserver deny HTTP ip+set-cookie右匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*5678|Set-Cookie + ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00018 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat + ... ELSE set variable curl \ http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00019 + [Tags] Selfserver deny HTTP ip+set-cookie完整匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie + ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00019 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat + ... ELSE set variable curl \ http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00020 + [Tags] Selfserver deny HTTP ip+set-cookie左匹配 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=1234*|Set-Cookie + ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00020 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat + ... ELSE set variable curl \ http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00021 + [Tags] Selfserver deny HTTP ip+请求体 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test + ${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_RQ_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00021 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_RQ_Id}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00022 + [Tags] Selfserver deny HTTP ip+应答体 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} + Comment FQDN + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Ұлттық + ${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_RQ_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00022 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_RQ_Id}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com