提交allow和deny策略用例
This commit is contained in:
lyf
@@ -62,8 +62,6 @@ SecurityPolicy-Allow-DNS-00001
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.facebook.com
|
||||
|
||||
@@ -61,9 +61,7 @@ SecurityPolicy-Allow-FTP-00001
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/wlcsy.txt -u ftpuser:111111 中文文件内容
|
||||
|
||||
@@ -62,9 +62,6 @@ SecurityPolicy-Allow-MAIL-00001
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证
|
||||
${Smtp服务器} Set Variable Smtp.163.com
|
||||
${Smtp服务器端口} Set Variable 25
|
||||
|
||||
@@ -62,8 +62,6 @@ SecurityPolicy-Allow-QUCI-00001
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
Open Browser https://www.facebook.com ${browserType}
|
||||
|
||||
@@ -69,8 +69,6 @@ SecurityPolicy-Allow-SSL-00001
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
Open Browser https://www.facebook.com ${browserType}
|
||||
@@ -131,8 +129,6 @@ SecurityPolicy-Allow-SSL-00002
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
Open Browser https://www.facebook.com ${browserType}
|
||||
|
||||
138
01-TestCase/tsg_adc/api_security/AllowSipTests.robot
Normal file
138
01-TestCase/tsg_adc/api_security/AllowSipTests.robot
Normal file
@@ -0,0 +1,138 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Allow-SIP-00001
|
||||
[Tags] Allow IP SIP
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
# Comment 功能端验证
|
||||
|
||||
|
||||
# Comment 日志验证
|
||||
# #日志验证
|
||||
# ${s} Convert to String ${policyIds}
|
||||
# ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
# Should Be Equal As Strings ${returnvalue} true
|
||||
SecurityPolicy-Allow-FTP-00002
|
||||
[Tags] Allow IP SIP Originator Description Responder Description
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Originator Description
|
||||
${addItemList1} Create Dictionary keywordArray=test1 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Responder Description
|
||||
${addItemList1} Create Dictionary keywordArray=test2 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"}
|
||||
${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${originator} ${responder}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
# Comment 功能端验证
|
||||
|
||||
|
||||
# Comment 日志验证
|
||||
# #日志验证
|
||||
# ${s} Convert to String ${policyIds}
|
||||
# ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
# Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -1,157 +1,347 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Library Custometest
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-FTP-00001
|
||||
[Tags] Deny Sub_Account
|
||||
# #创建对象 Sub
|
||||
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
# log ${object_Sub_Id}
|
||||
# ${objectids} set Variable ${object_Sub_Id}
|
||||
#创建对象 Account
|
||||
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Account_Id}
|
||||
${objectids} set Variable ${object_Account_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP 登录
|
||||
should contain ${FTP} ftp_fail
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
|
||||
|
||||
SecurityPolicy-Deny-FTP-00002
|
||||
[Tags] Deny URI_Content
|
||||
#创建对象IP
|
||||
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#log ${object_IP_Id}
|
||||
#创建对象 URI
|
||||
${rescodeip} ${object_URI_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_URI","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*771.txt"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_URI_Id}
|
||||
${objectids} set Variable ${object_URI_Id}
|
||||
#创建对象 Content
|
||||
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Content_id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP 下载
|
||||
should contain ${FTP} ftp_fail
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt
|
||||
|
||||
SecurityPolicy-Deny-FTP-00003
|
||||
[Tags] Deny Sub_Account
|
||||
#创建对象 Account
|
||||
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Account_Id}
|
||||
${objectids} set Variable ${object_Account_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP 登录
|
||||
should contain ${FTP} ftp_fail
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
|
||||
|
||||
|
||||
SecurityPolicy-Deny-FTP-00004
|
||||
[Tags] Deny Sub_Account
|
||||
#创建对象 Account
|
||||
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Account_Id}
|
||||
${objectids} set Variable ${object_Account_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP_login ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" Graphical (Xorg) program starter for ADRIANE
|
||||
should contain ${FTP} ftp_fail
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
|
||||
|
||||
SecurityPolicy-Deny-FTP-00005
|
||||
[Tags] Deny Sub_Account
|
||||
#创建对象 Account
|
||||
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
|
||||
log ${object_Account_Id}
|
||||
${objectids} set Variable ${object_Account_Id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${FTP} FTP_down ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" 435814 zmmtext123.txt
|
||||
should contain ${FTP} ftp_fail
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-FTP-00001
|
||||
[Tags] Deny IP FTP
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} ftp_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
|
||||
... ELSE should contain ${FTP} Fail
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
SecurityPolicy-Deny-FTP-00002
|
||||
[Tags] Deny IP FTP Account URI Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Account
|
||||
${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建URI
|
||||
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建Content
|
||||
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${Content} ${Account}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} ftp_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
|
||||
... ELSE should contain ${FTP} Fail
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-FTP-00003
|
||||
[Tags] Deny IP FTP Account
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Account
|
||||
${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Account}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} ftp_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
|
||||
... ELSE should contain ${FTP} Fail
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
|
||||
|
||||
SecurityPolicy-Deny-FTP-00004
|
||||
[Tags] Deny IP FTP URI
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建URI
|
||||
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} ftp_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
|
||||
... ELSE should contain ${FTP} Fail
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-FTP-00005
|
||||
[Tags] Deny IP FTP Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Content
|
||||
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Content}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
Comment 功能端验证
|
||||
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
|
||||
# should contain ${FTP} ftp_fail
|
||||
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
|
||||
... ELSE should contain ${FTP} Fail
|
||||
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
77
01-TestCase/tsg_adc/api_security/DenyQuicTests.robot
Normal file
77
01-TestCase/tsg_adc/api_security/DenyQuicTests.robot
Normal file
@@ -0,0 +1,77 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library Selenium2Library
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-QUCI-00001
|
||||
[Tags] Deny IP QUIC
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"QUCI","method":"drop"} isValid=${1} appIdObjects=${QUIC_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "119"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
Open Browser https://www.facebook.com ${browserType}
|
||||
sleep 2
|
||||
${text} Get Text xpath=//*[@id="content"]/div/div/div/div[1]/h2
|
||||
Should Be Equal As Strings ${text} 联系你我,分享生活,尽在 Facebook
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} common_schema_type QUIC
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
@@ -1,85 +1,354 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-SSL-00001
|
||||
[Tags] Deny SSL SNI_SAN_CN_Category
|
||||
#创建对象 IP
|
||||
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
#log ${object_IP_Id}
|
||||
#${objectids} set Variable ${object_Subid_Id}
|
||||
#创建对象 SNI_CAT
|
||||
${rescodeip} ${object_SNI_CAT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_SNI_CAT_Id}
|
||||
${objectids} set Variable ${object_SNI_CAT_Id}
|
||||
#创建对象 SAN_CAT
|
||||
${rescode_deny} ${object_SAN_CAT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_SAN_CAT_id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SAN_CAT_id}
|
||||
#创建对象 CN_CAT
|
||||
${rescode_deny} ${object_CN_CAT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_CN_CAT_id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CN_CAT_id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.jd.com
|
||||
should contain ${commandreturn} 000
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu
|
||||
|
||||
SecurityPolicy-Deny-SSL-00002
|
||||
[Tags] Deny Fqdn_SNI_CN_SAN
|
||||
# #创建对象 Sub
|
||||
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
# log ${object_Sub_Id}
|
||||
# ${objectids} set Variable ${object_Sub_Id}
|
||||
#创建对象 SNI_FQDN
|
||||
${rescodeip} ${object_SNI_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_SNI_FQDN_Id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SNI_FQDN_Id}
|
||||
#创建对象 SAN_FQDN
|
||||
${rescode_deny} ${object_SAN_FQDN_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_SAN_FQDN_id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SAN_FQDN_id}
|
||||
#创建对象 CN_FQDN
|
||||
${rescode_deny} ${object_CN_FQDN_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
|
||||
log ${object_CN_FQDN_id}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CN_FQDN_id}
|
||||
#创建策略
|
||||
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
|
||||
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
|
||||
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
|
||||
${policyIds} Create List ${policyId1}
|
||||
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
|
||||
#log ${rescode}
|
||||
#log ${policyId}
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${starttime} Get Time
|
||||
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.sogou.com
|
||||
should contain ${commandreturn} 200
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId2}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Library Selenium2Library
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-SSL-00001
|
||||
[Tags] Deny IP SSL SNI SAN CN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SNI
|
||||
${addItemList1} Create Dictionary keywordArray=$www.prlib.ru isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建CN
|
||||
${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建SAN
|
||||
${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId3}|TSG_FIELD_SSL_SAN,${objectId1}|TSG_FIELD_SSL_SNI,${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} ${cn} ${san}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-SSL-00002
|
||||
[Tags] Deny IP SSL SNI
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SNI
|
||||
${addItemList1} Create Dictionary keywordArray=$www.prlib.ru isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-SSL-00003
|
||||
[Tags] Deny IP SSL CN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建CN
|
||||
${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${cn}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-SSL-00004
|
||||
[Tags] Deny IP SSL SAN
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建SAN
|
||||
${addItemList1} Create Dictionary keywordArray=*austinama.org isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId3}|TSG_FIELD_SSL_SAN isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "austinama.org"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${san}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
SecurityPolicy-Deny-SSL-00005
|
||||
[Tags] Deny IP SSL
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} isValid=${1} appIdObjects=${SSL_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
|
||||
${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat
|
||||
... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
|
||||
... ELSE Create List timed out
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
|
||||
Comment 日志验证
|
||||
#日志验证
|
||||
${s} Convert to String ${policyIds}
|
||||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org
|
||||
Should Be Equal As Strings ${returnvalue} true
|
||||
138
01-TestCase/tsg_adc/api_security/DenySipTests.robot
Normal file
138
01-TestCase/tsg_adc/api_security/DenySipTests.robot
Normal file
@@ -0,0 +1,138 @@
|
||||
*** Settings ***
|
||||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||||
Force Tags tsg_adc tsg_security
|
||||
Library OperatingSystem
|
||||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||||
Resource ../../../03-Variable/ApplicationID.txt
|
||||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-SIP-00001
|
||||
[Tags] Deny IP SIP
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SIP","method":"drop"} isValid=${1} appIdObjects=${SIP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
# Comment 功能端验证
|
||||
|
||||
|
||||
# Comment 日志验证
|
||||
# #日志验证
|
||||
# ${s} Convert to String ${policyIds}
|
||||
# ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
# Should Be Equal As Strings ${returnvalue} true
|
||||
SecurityPolicy-Deny-FTP-00002
|
||||
[Tags] Deny IP FTP Account URI Content
|
||||
Comment 创建IP
|
||||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
|
||||
Comment 创建Originator Description
|
||||
${addItemList1} Create Dictionary keywordArray=test1 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||||
|
||||
Comment 创建Responder Description
|
||||
${addItemList1} Create Dictionary keywordArray=test2 isHexbin=${0}
|
||||
${addItemLists} Create list ${addItemList1}
|
||||
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
|
||||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP","method":"block","code":"480"} isValid=${1} appIdObjects=${SIP_ID}
|
||||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||||
|
||||
${starttime} Get Time
|
||||
#功能端验证
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
|
||||
Comment 策略验证
|
||||
#新增策略验证
|
||||
#创建attributes中的字典
|
||||
${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"}
|
||||
${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"}
|
||||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
|
||||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
|
||||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
|
||||
# 合成attributes字典集
|
||||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${originator} ${responder}
|
||||
${verifySession} Create Dictionary attributes=${attributes}
|
||||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||||
log ${verifyList}
|
||||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||||
# 打印检查结果
|
||||
${objectid_verify} Set Variable ${objectids}
|
||||
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
|
||||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||||
log ${objectid_verify}
|
||||
${testType} Evaluate type($objectid_verify)
|
||||
${testType} Evaluate type($resData)
|
||||
log ${resData}
|
||||
sleep 5
|
||||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||||
Should Be Equal As Strings ${ok} true
|
||||
|
||||
# Comment 功能端验证
|
||||
|
||||
|
||||
# Comment 日志验证
|
||||
# #日志验证
|
||||
# ${s} Convert to String ${policyIds}
|
||||
# ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
|
||||
# Should Be Equal As Strings ${returnvalue} true
|
||||
|
||||
Reference in New Issue
Block a user