gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

中间件比率测试

Browse Source
This commit is contained in:
dongxiaoyan
2020-05-09 12:59:36 +08:00
parent 7cd6e0cbc2
commit 5460b8e84e
4 changed files with 3884 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

550
01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot
View File

@@ -14,7 +14,7 @@ Library json
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${url} /policy/profile/decryption
${profiledId} ${EMPTY}
*** Test Cases ***
@@ -61,15 +61,16 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
@@ -77,8 +78,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
@@ -97,7 +98,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.0001,"protocol":"HTTP"}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
@@ -115,7 +116,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
@@ -131,10 +132,11 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
Append To File ${path}/enforcement_ratio.txt |Replace-SSL\r\n
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.1访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
@@ -180,13 +182,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
@@ -194,8 +197,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
@@ -214,7 +217,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.2,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
@@ -232,7 +235,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
@@ -248,10 +251,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.2访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
@@ -297,13 +300,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
@@ -311,8 +315,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
@@ -331,7 +335,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9,"protocol":"HTTP"}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.3,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
@@ -349,7 +353,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
@@ -365,10 +369,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.3访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
@@ -414,13 +418,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
@@ -428,8 +433,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
@@ -448,7 +453,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.4,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
@@ -466,7 +471,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
@@ -481,9 +486,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.4访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
@@ -526,13 +536,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
@@ -540,8 +551,126 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0.5,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.5,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.5访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
@@ -578,7 +707,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
@@ -594,21 +723,254 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
#TestLogSize
#日志验证security_event_log
#GetLogListSize proxy_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
#${logsize} GetLogListSize security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
#log 11${logsize}
#${logsize} GetLogCount security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
#log 22${logsize}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.9访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000010
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000010
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.9999访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000011
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000011
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0.5,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":1,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
[Tags] selfserver SIP+DIP+URL+ResHeader+ReqHeader
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
@@ -665,6 +1027,14 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id}
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
#{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
${data} set variable ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
${decryption_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
@@ -672,7 +1042,8 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
... isValid=1
... appObjectIdArray=${2},${3}
@@ -690,7 +1061,7 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
... policyDesc=${caseName}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.111111,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR
... isValid=1
... appObjectIdArray=${2}
@@ -710,10 +1081,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat
... ELSE set variable curl -kv --cookie "JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find汉字 результатом манипуляций&setCookie=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA replacetest
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
#OpenSSL SSL_connect: Connection was reset in connection to
#Send failure: Connection was reset
... ELSE Create List Tango Secure Gateway CA replacetest
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
@@ -722,9 +1093,10 @@ ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n
Append To File ${path}/enforcement_ratio.txt 0.111111访问1000次logsize:|${logsize}
Append To File ${path}/enforcement_ratio.txt s:|${s}
Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}