diff --git a/01-TestCase/zjj/ZJJ_ProxyPolciy-Hijack-SSL.robot b/01-TestCase/zjj/ZJJ_ProxyPolciy-Hijack-SSL.robot new file mode 100644 index 0000000..f9af2e6 --- /dev/null +++ b/01-TestCase/zjj/ZJJ_ProxyPolciy-Hijack-SSL.robot @@ -0,0 +1,1213 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags zjj tsg_adc proxy_policy +Library OperatingSystem +Resource ../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /policy/profile/hijackfiles +${profiledId} ${EMPTY} + +*** Test Cases *** +ZJJ_ProxyPolicy-Hijack-Ssl-00001 + [Tags] selfserver ssl hijack ip+url + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test.apk hijack {"isValid":1,"contentType":"application/vnd.android.package-archive","opAction":"add","profileName":"test1","contentName":"Create-Hijack Files-test.apk","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.1} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Timef + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00002 + [Tags] selfserver ssl hijack ip+fqdn完整匹配+url + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.2} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Hijack-Ssl-00003 + [Tags] selfserver ssl hijack ip+cat右匹配+url + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com + ${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_cat_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.3} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00004 + [Tags] selfserver ssl hijack ip+url右匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.4} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00005 + [Tags] selfserver ssl hijack ip+url字串匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00006 + [Tags] selfserver ssl hijack ip+url完整匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.6} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.6访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00007 + [Tags] selfserver ssl hijack ip+url左匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node* + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.7} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.7访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00008 + [Tags] selfserver ssl hijack ip+请求头右匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.8} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.8访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00009 + [Tags] selfserver ssl hijack ip+请求头字串匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.9} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00010 + [Tags] selfserver ssl hijack ip+请求头完整匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00010 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Hijack-Ssl-00011 + [Tags] selfserver ssl hijack ip+请求头左匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00011 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.1111} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1111访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00012 + [Tags] selfserver ssl hijack ip+cookie字串匹配+url + Comment 创建cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00012 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.2222} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat + ... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2222访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00013 + [Tags] selfserver ssl hijack ip+应答头右匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00013 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.3333} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3333访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00014 + [Tags] selfserver ssl hijack ip+应答头字串匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.4444} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4444访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00015 + [Tags] selfserver ssl hijack ip+应答头完整匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5555} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5555访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00016 + [Tags] selfserver ssl hijack ip+应答头左匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.6666} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.6666访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00017 + [Tags] selfserver ssl hijack ip+set-cookie右匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.7777} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.7777访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00018 + [Tags] selfserver ssl hijack ip+set-cookie字串匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.8888} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.8888访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00019 + [Tags] selfserver ssl hijack ip+set-cookie完整匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.9999} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9999访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00020 + [Tags] selfserver ssl hijack ip+set-cookie左匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1.0} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00021 + [Tags] selfserver 最大组合 ssl hijack + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00022 + [Tags] selfserver 最大组合 ssl hijack update + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00022 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + + #修改 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=MASK|192.168.100.5|255.255.255.255|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0 (Windows*|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + #创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00022 policyId=${policyId} policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} EditPolicy ${policyDict} update + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00022 policyId=${policyId3} policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} EditPolicy ${policyDict} update + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt update0.5->0.1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Hijack-Ssl-00023 + [Tags] selfserver 最大组合 ssl hijack update + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00022 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + + #修改 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=MASK|192.168.100.5|255.255.255.255|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0 (Windows NT*|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00022update policyId=${policyId} policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} EditPolicy ${policyDict} update + + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Hijack-SSL-00022update policyId=${policyId3} policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} EditPolicy ${policyDict} update + Comment 功能端验证HTTP验证 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Hijack-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt update1->0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} diff --git a/01-TestCase/zjj/ZJJ_ProxyPolicy-Insert-SSL.robot b/01-TestCase/zjj/ZJJ_ProxyPolicy-Insert-SSL.robot new file mode 100644 index 0000000..d62c9bd --- /dev/null +++ b/01-TestCase/zjj/ZJJ_ProxyPolicy-Insert-SSL.robot @@ -0,0 +1,1213 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags zjj tsg_adc proxy_policy +Library OperatingSystem +Resource ../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /policy/profile/insertscripts +${profiledId} ${EMPTY} + +*** Test Cases *** +ZJJ_ProxyPolicy-Insert-Ssl-00001 + [Tags] selfserver ssl Hijack ip+url + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.1} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Insert-Ssl-00002 + [Tags] selfserver ssl Insert ip+fqdn完整匹配+url + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.2} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00003 + [Tags] selfserver ssl Insert ip+cat右匹配+url + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com + ${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_cat_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.3} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00004 + [Tags] selfserver ssl Insert ip+url右匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null,"enforcement_ratio":0.4}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00005 + [Tags] selfserver ssl Insert ip+url字串匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00006 + [Tags] selfserver ssl Insert ip+url完整匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.6} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.6访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00007 + [Tags] selfserver ssl Insert ip+url左匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node* + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.7} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.7访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00008 + [Tags] selfserver ssl Insert ip+请求头右匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.8} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.8访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00009 + [Tags] selfserver ssl Insert ip+请求头字串匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.9} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00010 + [Tags] selfserver ssl Insert ip+请求头完整匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00010 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1.0访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00011 + [Tags] selfserver ssl Insert ip+请求头左匹配+url + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00011 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.1111} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1111访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00012 + [Tags] selfserver ssl Insert ip+cookie字串匹配+url + Comment 创建cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00012 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.2222} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat + ... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2222访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00013 + [Tags] selfserver ssl Insert ip+应答头右匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00013 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.3333} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3333访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00014 + [Tags] selfserver ssl Insert ip+应答头字串匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00014 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.44444} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4444访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00015 + [Tags] selfserver ssl Insert ip+应答头完整匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00015 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5555} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5555访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00016 + [Tags] selfserver ssl Insert ip+应答头左匹配+url + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00016 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.6666} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.6666访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Insert-Ssl-00017 + [Tags] selfserver ssl Insert ip+set-cookie右匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00017 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.7777} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.7777访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00018 + [Tags] selfserver ssl Insert ip+set-cookie字串匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00018 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.8888} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.8888访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00019 + [Tags] selfserver ssl Insert ip+set-cookie完整匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00019 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.9999} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9999访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00020 + [Tags] selfserver ssl Insert ip+set-cookie左匹配+url + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00020 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1.0} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1.0访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00021 + [Tags] selfserver 最大组合 ssl Insert + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00021 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00022 + [Tags] selfserver 最大组合 ssl Insert + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00022 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + + #修改 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00023 policyId=${policyId} policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} EditPolicy ${policyDict} update + + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00023 policyId=${policyId3} policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} EditPolicy ${policyDict} update + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt update1-0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ_ProxyPolicy-Insert-Ssl-00023 + [Tags] selfserver 最大组合 ssl Insert + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00023 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00023 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + + #修改 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=MASK|192.168.100.5|255.255.255.255|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0 (Windows NT*|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建insert文件 + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=ZJJ_SecurityPolicy-Intercept-SSL-00023 policyId=${policyId} policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} EditPolicy ${policyDict} update + + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ_ProxyPolicy-Insert-SSL-00023 policyId=${policyId3} policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} EditPolicy ${policyDict} update + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Insert-Ssl-00001\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt update0.5->1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} \ No newline at end of file diff --git a/01-TestCase/zjj/ZJJ_ProxyPolicy-Redirect.robot b/01-TestCase/zjj/ZJJ_ProxyPolicy-Redirect.robot new file mode 100644 index 0000000..6c51796 --- /dev/null +++ b/01-TestCase/zjj/ZJJ_ProxyPolicy-Redirect.robot @@ -0,0 +1,997 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags zjj tsg_adc proxy_policy +Library OperatingSystem +Resource ../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +ZJJ-ProxyPolicy-Redirect-Http-00001 + [Tags] selfserver ip http redirect + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.ziroom.com/","code":301,"protocol":"HTTP","enforcement_ratio":0.1} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |Redirect-Http + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ-ProxyPolicy-Redirect-Http-00002 + [Tags] selfserver ip+fqdn完整匹配 http redirect + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-ZJJ-SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":302,"protocol":"HTTP","enforcement_ratio":0.2} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00003 + [Tags] selfserver ip+cat右匹配 http redirect + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com + ${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_cat_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-ZJJ-SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.toutiao.com/ch/news_hot/","code":301,"protocol":"HTTP","enforcement_ratio":0.3} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00004 + [Tags] selfserver http redirect ip+url右匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-ZJJ-SecurityPolicy-Intercept-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://bbs.tianya.cn/list-lookout-1.shtml","code":301,"protocol":"HTTP","enforcement_ratio":0.4} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00005 + [Tags] selfserver http redirect ip+url字串匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-ZJJ-SecurityPolicy-Intercept-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://kefu.ctrip.com/index","code":301,"protocol":"HTTP","enforcement_ratio":0.5} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat + ... ELSE set variable curl -kv http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00006 + [Tags] selfserver http redirect ip+url完整匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.booking.com/","code":302,"protocol":"HTTP","enforcement_ratio":0.6} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat + ... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.6访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00007 + [Tags] selfserver http redirect ip+url左匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node* + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.eastmoney.com/","code":301,"protocol":"HTTP","enforcement_ratio":0.7} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.7访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00008 + [Tags] selfserver http redirect ip+请求头右匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-00008 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.iqiyi.com/","code":301,"protocol":"HTTP","enforcement_ratio":0.8} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.8访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00009 + [Tags] selfserver http redirect ip+请求头字串匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-00009 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://chaoshi.tmall.com/","code":302,"protocol":"HTTP","enforcement_ratio":0.9} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00010 + [Tags] selfserver http redirect ip+请求头完整匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000010 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://military.china.com/zh_cn/","code":301,"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00011 + [Tags] selfserver http redirect ip+请求头左匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000011 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.tiexue.net/","code":302,"protocol":"HTTP","enforcement_ratio":0.1111} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1111访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00012 + [Tags] selfserver http redirect ip+cookie字串匹配 + Comment 创建cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000012 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.douyu.com/","code":301,"protocol":"HTTP","enforcement_ratio":0.111111} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0012.bat + ... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2222访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00013 + [Tags] selfserver http redirect ip+应答头右匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000013 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.fang.com/","code":301,"protocol":"HTTP","enforcement_ratio":0.2222} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3333访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00014 + [Tags] selfserver http redirect ip+应答头字串匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000014 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID=","code":302,"protocol":"HTTP","enforcement_ratio":0.3333} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat + ... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4444访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00015 + [Tags] selfserver http redirect ip+应答头完整匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000015 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://stock.stockstar.com/gem/","code":302,"protocol":"HTTP","enforcement_ratio":0.5555} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat + ... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5555访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00016 + [Tags] selfserver http redirect ip+应答头左匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000016 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.kugou.com/yy/html/rank.html","code":301,"protocol":"HTTP","enforcement_ratio":0.6666} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat + ... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.6666访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00017 + [Tags] selfserver http redirect ip+set-cookie右匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000017 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yy.com/","code":301,"protocol":"HTTP","enforcement_ratio":0.7777} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-00017.bat + ... ELSE set variable curl -kv http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.7777访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00018 + [Tags] selfserver http redirect ip+set-cookie字串匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000018 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.xiaohongshu.com/","code":302,"protocol":"HTTP","enforcement_ratio":0.8888} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-00017.bat + ... ELSE set variable curl -kv http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.8888访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00019 + [Tags] selfserver http redirect ip+set-cookie完整匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000019 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zhihu.com/signin?next=%2F","code":301,"protocol":"HTTP","enforcement_ratio":0.9999} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9999访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00020 + [Tags] selfserver http redirect ip+set-cookie左匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000020 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.pcauto.com.cn/","code":302,"protocol":"HTTP","enforcement_ratio":0.01} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-00017.bat + ... ELSE set variable curl -kv http://open.node.com/ + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.comBy + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.01访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00021 + [Tags] selfserver http redirect ip+请求体字串匹配 + Comment 创建请求体 + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000021 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.cmbchina.com/","code":301,"protocol":"HTTP","enforcement_ratio":0} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body"-kv http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + +ZJJ-ProxyPolicy-Redirect-Http-00022 + [Tags] selfserver 最大组合 http redirect + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建请求体 + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test + ${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=ZJJ-SecurityPolicy-Intercept-SSL-000022 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=ZJJ-ProxyPolicy-Redirect-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":301,"protocol":"HTTP","enforcement_ratio":1} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_REQ_CONTENT,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/selfserver/ProxyPolicy-Redirect-HTTP-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connected to open.node.com + ... ELSE Create List Connected to open.node.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} diff --git a/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot b/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot index 314ca73..a4c0238 100644 --- a/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot +++ b/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot @@ -14,7 +14,7 @@ Library json *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} -${url} /policy/profile/responsepages +${url} /policy/profile/decryption ${profiledId} ${EMPTY} *** Test Cases *** @@ -61,15 +61,16 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 ... subObjectIds=${Default_SubObjectIds} ... addItemList=$open.node.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} - #${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} - #${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - #${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - #${data} Create List ${requestbody} - #${response} CreatePolicyFileNoFile ${url} ${data} - #${mirror_profile} Get From Dictionary ${response} profileId + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} @@ -77,8 +78,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} - #... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} @@ -97,7 +98,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.0001,"protocol":"HTTP"} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} @@ -115,7 +116,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA @@ -131,10 +132,11 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} - Append To File ${path}/enforcement_ratio.txt ${starttime} - Append To File ${path}/enforcement_ratio.txt ${logsize} - Append To File ${path}/enforcement_ratio.txt ${s} - Append To File ${path}/enforcement_ratio.txt ${endtime} + Append To File ${path}/enforcement_ratio.txt |Replace-SSL\r\n + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 @@ -180,13 +182,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} - #${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} - #${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - #${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - #${data} Create List ${requestbody} - #${response} CreatePolicyFileNoFile ${url} ${data} - #${mirror_profile} Get From Dictionary ${response} profileId + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} @@ -194,8 +197,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} - #... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} @@ -214,7 +217,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.2,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} @@ -232,7 +235,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA @@ -248,10 +251,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} - Append To File ${path}/enforcement_ratio.txt ${starttime} - Append To File ${path}/enforcement_ratio.txt ${logsize} - Append To File ${path}/enforcement_ratio.txt ${s} - Append To File ${path}/enforcement_ratio.txt ${endtime} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.2访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 @@ -297,13 +300,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} - #${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} - #${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - #${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - #${data} Create List ${requestbody} - #${response} CreatePolicyFileNoFile ${url} ${data} - #${mirror_profile} Get From Dictionary ${response} profileId + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} @@ -311,8 +315,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} - #... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} @@ -331,7 +335,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9,"protocol":"HTTP"} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.3,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} @@ -349,7 +353,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA @@ -365,10 +369,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003 ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} - Append To File ${path}/enforcement_ratio.txt ${starttime} - Append To File ${path}/enforcement_ratio.txt ${logsize} - Append To File ${path}/enforcement_ratio.txt ${s} - Append To File ${path}/enforcement_ratio.txt ${endtime} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.3访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 @@ -414,13 +418,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} - #${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} - #${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - #${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - #${data} Create List ${requestbody} - #${response} CreatePolicyFileNoFile ${url} ${data} - #${mirror_profile} Get From Dictionary ${response} profileId + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} @@ -428,8 +433,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} - #... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} @@ -448,7 +453,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.4,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} @@ -466,7 +471,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA @@ -481,9 +486,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004 ${endtime} Get Time ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.4访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005 [Tags] selfserver SIP+DIP+URL - ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005 + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006 Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip @@ -526,13 +536,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005 ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} - #${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} - #${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} - #${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} - #${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} - #${data} Create List ${requestbody} - #${response} CreatePolicyFileNoFile ${url} ${data} - #${mirror_profile} Get From Dictionary ${response} profileId + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} @@ -540,8 +551,126 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005 ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0.5,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} - #... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI + ... isValid=1 + ... appObjectIdArray=${3} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + + + Comment 创建带有比例的替换策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=pxy_manipulation + ... policyDesc=${Default_PolicyDesc} + ... action=manipulation + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.5,"protocol":"HTTP"} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL + ... isValid=1 + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + ${s} Convert to String ${policyId} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} + #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} + # + #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} + #EditPolicy ${disablePolciy} + Comment 功能端验证SSL验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat + ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action + + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel + #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe + #Send failure: Connection was reset Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + log endfor + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com + log 22${logsize} + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006 + [Tags] selfserver SIP+DIP+URL + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006 + Comment 创建目标IP + ${objectDict} Create Dictionary + ... objectType=ip + ... isValid=1 + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_IPobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=open.node.com/action + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + + #创建url + ${objectDict} Create Dictionary + ... objectType=fqdn + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_fqdnobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=$open.node.com + ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} + + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId + Comment 创建拦截策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=intercept + ... effectiveRange=${Default_EffectiveRange} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} @@ -578,7 +707,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA @@ -594,21 +723,254 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005 ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} - Append To File ${path}/enforcement_ratio.txt ${starttime} - Append To File ${path}/enforcement_ratio.txt ${logsize} - Append To File ${path}/enforcement_ratio.txt ${s} - Append To File ${path}/enforcement_ratio.txt ${endtime} -#TestLogSize - #日志验证security_event_log - #GetLogListSize proxy_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co - #${logsize} GetLogListSize security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co - #log 11${logsize} - #${logsize} GetLogCount security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co - #log 22${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000010 + [Tags] selfserver SIP+DIP+URL + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000010 + Comment 创建目标IP + ${objectDict} Create Dictionary + ... objectType=ip + ... isValid=1 + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_IPobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=open.node.com/action + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + + #创建url + ${objectDict} Create Dictionary + ... objectType=fqdn + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_fqdnobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=$open.node.com + ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} + + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId + Comment 创建拦截策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=intercept + ... effectiveRange=${Default_EffectiveRange} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI + ... isValid=1 + ... appObjectIdArray=${3} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + + + Comment 创建带有比例的替换策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=pxy_manipulation + ... policyDesc=${Default_PolicyDesc} + ... action=manipulation + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL + ... isValid=1 + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + ${s} Convert to String ${policyId} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} + #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} + # + #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} + #EditPolicy ${disablePolciy} + Comment 功能端验证SSL验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat + ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action + + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel + #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe + #Send failure: Connection was reset Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + log endfor + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com + log 22${logsize} + + + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.9999访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} +ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000011 + [Tags] selfserver SIP+DIP+URL + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000011 + Comment 创建目标IP + ${objectDict} Create Dictionary + ... objectType=ip + ... isValid=1 + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_IPobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=open.node.com/action + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + + #创建url + ${objectDict} Create Dictionary + ... objectType=fqdn + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_fqdnobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=$open.node.com + ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} + + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId + Comment 创建拦截策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=intercept + ... effectiveRange=${Default_EffectiveRange} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0.5,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI + ... isValid=1 + ... appObjectIdArray=${3} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + + + Comment 创建带有比例的替换策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=pxy_manipulation + ... policyDesc=${Default_PolicyDesc} + ... action=manipulation + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":1,"protocol":"HTTP"} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL + ... isValid=1 + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + ${s} Convert to String ${policyId} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} + #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} + # + #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} + #EditPolicy ${disablePolciy} + Comment 功能端验证SSL验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat + ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action + + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel + #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe + #Send failure: Connection was reset Tango Secure Gateway CA + ... ELSE Create List Tango Secure Gateway CA + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + log endfor + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com + log 22${logsize} + + ${logsize} Convert to String ${logsize} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} + ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 [Tags] selfserver SIP+DIP+URL+ResHeader+ReqHeader - ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip @@ -665,6 +1027,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 ${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id} + ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} + ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} + ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} + #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} + ${data} set variable ${requestbody} + ${response} CreatePolicyFileNoFile ${url} ${data} + ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} @@ -672,7 +1042,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR ... isValid=1 ... appObjectIdArray=${2},${3} @@ -690,7 +1061,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 ... policyDesc=${caseName} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.111111,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR ... isValid=1 ... appObjectIdArray=${2} @@ -710,10 +1081,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat ... ELSE set variable curl -kv --cookie "JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find汉字 результатом манипуляций&setCookie=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA replacetest + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection to #Send failure: Connection was reset - ... ELSE Create List Tango Secure Gateway CA replacetest + ... ELSE Create List Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s @@ -722,9 +1093,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com + ${logsize} Convert to String ${logsize} - Append To File ${path}/enforcement_ratio.txt ${starttime} - Append To File ${path}/enforcement_ratio.txt ${logsize} - Append To File ${path}/enforcement_ratio.txt ${s} - Append To File ${path}/enforcement_ratio.txt ${endtime} + Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n + Append To File ${path}/enforcement_ratio.txt 0.111111访问1000次logsize:|${logsize} + Append To File ${path}/enforcement_ratio.txt s:|${s} + Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} \ No newline at end of file