diff --git a/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot b/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot index a12e7c2..9367715 100644 --- a/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowDnsTests.robot @@ -62,8 +62,6 @@ SecurityPolicy-Allow-DNS-00001 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.facebook.com diff --git a/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot b/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot index 51cb6a3..d482d10 100644 --- a/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowFtpTests.robot @@ -61,9 +61,7 @@ SecurityPolicy-Allow-FTP-00001 sleep 5 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true - - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time + Comment 功能端验证 ${FTP} FTP_login ftp://192.168.40.158/wlcsy.txt -u ftpuser:111111 中文文件内容 diff --git a/01-TestCase/tsg_adc/api_security/AllowMailTests.robot b/01-TestCase/tsg_adc/api_security/AllowMailTests.robot index 481f8cb..834da90 100644 --- a/01-TestCase/tsg_adc/api_security/AllowMailTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowMailTests.robot @@ -62,9 +62,6 @@ SecurityPolicy-Allow-MAIL-00001 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - Comment 功能端验证 ${Smtp服务器} Set Variable Smtp.163.com ${Smtp服务器端口} Set Variable 25 diff --git a/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot b/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot index e431c12..92a8be0 100644 --- a/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowQuicTests.robot 
@@ -62,8 +62,6 @@ SecurityPolicy-Allow-QUCI-00001 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time Comment 功能端验证HTTP验证 Open Browser https://www.facebook.com ${browserType} diff --git a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot index 381701b..6e05cf1 100644 --- a/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot +++ b/01-TestCase/tsg_adc/api_security/AllowSSLTests.robot @@ -69,8 +69,6 @@ SecurityPolicy-Allow-SSL-00001 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time Comment 功能端验证HTTP验证 Open Browser https://www.facebook.com ${browserType} @@ -131,8 +129,6 @@ SecurityPolicy-Allow-SSL-00002 ${ok} VerifyProxy ${resData} ${objectid_verify} Should Be Equal As Strings ${ok} true - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time Comment 功能端验证HTTP验证 Open Browser https://www.facebook.com ${browserType} diff --git a/01-TestCase/tsg_adc/api_security/AllowSipTests.robot b/01-TestCase/tsg_adc/api_security/AllowSipTests.robot new file mode 100644 index 0000000..c9c8d83 --- /dev/null +++ b/01-TestCase/tsg_adc/api_security/AllowSipTests.robot 
@@ -0,0 +1,138 @@ +*** Settings *** +Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +*** Test Cases *** +SecurityPolicy-Allow-SIP-00001 + [Tags] Allow IP SIP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=allow source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": 
"${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + # Comment 功能端验证 + + + # Comment 日志验证 + # #日志验证 + # ${s} Convert to String ${policyIds} + # ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + # Should Be Equal As Strings ${returnvalue} true +SecurityPolicy-Allow-FTP-00002 + [Tags] Allow IP SIP Originator Description Responder Description + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Originator Description + ${addItemList1} Create Dictionary keywordArray=test1 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} 
addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建Responder Description + ${addItemList1} Create Dictionary keywordArray=test2 isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP"} isValid=${1} appIdObjects=${SIP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"} + ${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${originator} 
${responder} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + # Comment 功能端验证 + + + # Comment 日志验证 + # #日志验证 + # ${s} Convert to String ${policyIds} + # ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + # Should Be Equal As Strings ${returnvalue} true + diff --git a/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot b/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot index 02e45ed..0f262f8 100644 --- a/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot +++ b/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot 
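Review bot: The second case in this new SIP suite is named `SecurityPolicy-Allow-FTP-00002` and creates its policy with `action=deny`, although the file name, the `SIP` tag and `userRegion={"protocol":"SIP"}` all say Allow/SIP. It appears to be copied from the FTP deny suite, so its result would be reported under the wrong protocol and the wrong action; if so, it should read `SecurityPolicy-Allow-SIP-00002` with `action=allow`. Its `app_id` attribute also sends `{"string": "104"}` while the originator and responder attributes in the same case use `appId=120 appName=SIP`, so the verify request may not describe a SIP session at all. In both cases `${objectid_verify}    Set Variable    ${objectids}` is overwritten on the next line by `Catenate    SEPARATOR=,    ${policyIds}`, so only the policy id reaches `VerifyProxy`. If the object ids are meant to be checked as well, that line should be `${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}    ${policyIds}`.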
@@ -1,157 +1,347 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc tsg_security -Library OperatingSystem -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot -Library Custometest - -*** Test Cases *** -SecurityPolicy-Deny-FTP-00001 - [Tags] Deny Sub_Account - # #创建对象 Sub - # ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - # log ${object_Sub_Id} - # ${objectids} set Variable ${object_Sub_Id} - #创建对象 Account - ${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable 
{"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep 
${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP 登录 - should contain ${FTP} ftp_fail - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous - -SecurityPolicy-Deny-FTP-00002 - [Tags] Deny URI_Content - #创建对象IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #创建对象 URI - ${rescodeip} ${object_URI_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_URI","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*771.txt"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_URI_Id} - ${objectids} set Variable ${object_URI_Id} - #创建对象 Content - ${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Content_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id} - #创建策略 - #${addPolicyStr} set variable 
{"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP 下载 - should contain ${FTP} ftp_fail - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt - 
-SecurityPolicy-Deny-FTP-00003 - [Tags] Deny Sub_Account - #创建对象 Account - ${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP 登录 - should contain ${FTP} ftp_fail - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous - - -SecurityPolicy-Deny-FTP-00004 - [Tags] Deny Sub_Account - #创建对象 Account - ${rescodeip} ${object_Account_Id} AddObject 
{"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP_login ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" Graphical (Xorg) program starter for ADRIANE - should contain ${FTP} ftp_fail - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous - -SecurityPolicy-Deny-FTP-00005 - [Tags] Deny Sub_Account - #创建对象 Account - 
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}} - log ${object_Account_Id} - ${objectids} set Variable ${object_Account_Id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${FTP} FTP_down ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" 435814 zmmtext123.txt - should contain ${FTP} ftp_fail - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt +*** Settings *** 
+Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} +Force Tags tsg_adc tsg_security +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../03-Variable/BifangApiVariable.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot +Library ../../../04-CustomLibrary/Library/VerifyPolicy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +*** Test Cases *** +SecurityPolicy-Deny-FTP-00001 + [Tags] Deny IP FTP + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": 
"80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} ftp_fail + run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail + ... 
ELSE should contain ${FTP} Fail + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true +SecurityPolicy-Deny-FTP-00002 + [Tags] Deny IP FTP Account URI Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + Comment 创建URI + ${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny 
source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} + ${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} + ${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${Content} ${Account} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate 
type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} ftp_fail + run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail + ... ELSE should contain ${FTP} Fail + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Deny-FTP-00003 + [Tags] Deny IP FTP Account + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + 
#新增策略验证 + #创建attributes中的字典 + ${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Account} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} ftp_fail + run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail + ... 
ELSE should contain ${FTP} Fail + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + + +SecurityPolicy-Deny-FTP-00004 + [Tags] Deny IP FTP URI + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + Comment 创建URI + ${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId2} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + 
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} ftp_fail + run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail + ... 
ELSE should contain ${FTP} Fail + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true + +SecurityPolicy-Deny-FTP-00005 + [Tags] Deny IP FTP Content + Comment 创建IP + ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0 + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + ${objectids} set Variable ${objectId} + + + Comment 创建Content + ${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId3} AddObjects ${1} ${objectDict1} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyIds} set Variable ${policyId}[0][policyIds][0] + + ${starttime} Get Time + #功能端验证 + Sleep ${policyVerificationSleepSeconds}s + + Comment 策略验证 + #新增策略验证 + #创建attributes中的字典 + ${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"} + ${ipsource} Create Dictionary attributeType=ip 
attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Content} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectids} + ${objectid_verify} Catenate SEPARATOR=, ${policyIds} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + sleep 5 + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 功能端验证 + ${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop + # should contain ${FTP} ftp_fail + run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail + ... ELSE should contain ${FTP} Fail + + + Comment 日志验证 + #日志验证 + ${s} Convert to String ${policyIds} + ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser + Should Be Equal As Strings ${returnvalue} true diff --git a/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot b/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot new file mode 100644 index 0000000..3be5cc6 --- /dev/null +++ b/01-TestCase/tsg_adc/api_security/DenyQuicTests.robot 
@@ -0,0 +1,77 @@
+*** Settings ***
+Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
+Force Tags tsg_adc tsg_security
+Library OperatingSystem
+Library Selenium2Library
+Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
+Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
+Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
+Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
+Resource ../../../03-Variable/ApplicationID.txt
+Resource ../../../03-Variable/BifangApiVariable.txt
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
+Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
+*** Variables ***
+${policyIds} ${EMPTY}
+${objectids} ${EMPTY}
+
+*** Test Cases ***
+SecurityPolicy-Deny-QUCI-00001
+ [Tags] Deny IP QUIC
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+
+ Comment 创建deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"QUCI","method":"drop"} isValid=${1} appIdObjects=${QUIC_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "119"}
+ ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+
+ Comment 功能端验证HTTP验证
+ Open Browser https://www.facebook.com ${browserType}
+ sleep 2
+ ${text} Get Text xpath=//*[@id="content"]/div/div/div/div[1]/h2
+ Should Be Equal As Strings ${text} 联系你我,分享生活,尽在 Facebook
+
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} common_schema_type QUIC
+ Should Be Equal As Strings ${returnvalue} true
+
\ No newline at end of file
diff --git a/01-TestCase/tsg_adc/api_security/DenySSLTests.robot b/01-TestCase/tsg_adc/api_security/DenySSLTests.robot
index 7e0d914..9167b61 100644
--- a/01-TestCase/tsg_adc/api_security/DenySSLTests.robot
+++ b/01-TestCase/tsg_adc/api_security/DenySSLTests.robot
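Review bot: The functional check at the end of SecurityPolicy-Deny-QUCI-00001 in DenyQuicTests.robot asserts that https://www.facebook.com loads and shows its landing-page heading, which is the outcome an Allow case expects, so this Deny case still passes when the drop is not enforced. A browser typically falls back from QUIC to TLS over TCP, so a successful page load says nothing about whether QUIC was dropped; only the `GetLogList_new ... common_schema_type QUIC` step gives evidence of enforcement. Either assert a failure from a client that cannot fall back, or state the reliance with a comment above `Open Browser` such as `# Page is expected to load via TCP fallback; the QUIC drop is proven only by the log check below`. The policy body also sends `"protocol":"QUCI"` while the tag and the log field use `QUIC`; if the API matches on that string it should read `userRegion={"protocol":"QUIC","method":"drop"}`, which needs confirming against the Bifang API. The browser started by `Open Browser` is never closed and the teardown visible here only deletes policies and objects, so a `Close Browser` after the text check would keep a cached session from influencing later cases.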
@@ -1,85 +1,354 @@ -*** Settings *** -Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} -Force Tags tsg_adc tsg_security -Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot -Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot -Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot - -*** Test Cases *** -SecurityPolicy-Deny-SSL-00001 - [Tags] Deny SSL SNI_SAN_CN_Category - #创建对象 IP - #${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}} - #log ${object_IP_Id} - #${objectids} set Variable ${object_Subid_Id} - #创建对象 SNI_CAT - ${rescodeip} ${object_SNI_CAT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SNI_CAT_Id} - ${objectids} set Variable ${object_SNI_CAT_Id} - #创建对象 SAN_CAT - ${rescode_deny} ${object_SAN_CAT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SAN_CAT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SAN_CAT_id} - #创建对象 CN_CAT - ${rescode_deny} 
${object_CN_CAT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CN_CAT_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CN_CAT_id} - #创建策略 - #${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.jd.com - should contain ${commandreturn} 000 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu - -SecurityPolicy-Deny-SSL-00002 - [Tags] Deny Fqdn_SNI_CN_SAN - # 
#创建对象 Sub - # ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - # log ${object_Sub_Id} - # ${objectids} set Variable ${object_Sub_Id} - #创建对象 SNI_FQDN - ${rescodeip} ${object_SNI_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SNI_FQDN_Id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SNI_FQDN_Id} - #创建对象 SAN_FQDN - ${rescode_deny} ${object_SAN_FQDN_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_SAN_FQDN_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_SAN_FQDN_id} - #创建对象 CN_FQDN - ${rescode_deny} ${object_CN_FQDN_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}} - log ${object_CN_FQDN_id} - ${objectids} Catenate SEPARATOR=, ${objectids} ${object_CN_FQDN_id} - #创建策略 - #${addPolicyStr} set variable 
{"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} - ... 
ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - ${rescode} ${policyId2} AddPolicy ${addPolicyStr} - ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]} - ${policyIds} Create List ${policyId1} - #${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} - #log ${rescode} - #log ${policyId} - #功能端验证 - Sleep ${policyVerificationSleepSeconds}s - ${starttime} Get Time - ${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.sogou.com - should contain ${commandreturn} 200 - Sleep ${policyLogVerificationSleepSeconds}s - ${endtime} Get Time - #日志验证 - ${s} Convert to String ${policyId2} - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu +*** 
Settings ***
+Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
+Force Tags tsg_adc tsg_security
+Library OperatingSystem
+Library Selenium2Library
+Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
+Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
+Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
+Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
+Resource ../../../03-Variable/ApplicationID.txt
+Resource ../../../03-Variable/BifangApiVariable.txt
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
+Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
+*** Variables ***
+${policyIds} ${EMPTY}
+${objectids} ${EMPTY}
+
+*** Test Cases ***
+SecurityPolicy-Deny-SSL-00001
+ [Tags] Deny IP SSL SNI SAN CN
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+ Comment 创建SNI
+ ${addItemList1} Create Dictionary keywordArray=$www.prlib.ru isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
+
+ Comment 创建CN
+ ${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
+
+ Comment 创建SAN
+ ${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId3}|TSG_FIELD_SSL_SAN,${objectId1}|TSG_FIELD_SSL_SNI,${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
+ ${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
+ ${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
+ ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} ${cn} ${san}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+
+ Comment 功能端验证HTTP验证
+ ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
+ ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
+ ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
+ ... ELSE Create List timed out
+ ${rescode} SystemCommands ${commandstr} ${stringlist}
+
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
+ Should Be Equal As Strings ${returnvalue} true
+
+SecurityPolicy-Deny-SSL-00002
+ [Tags] Deny IP SSL SNI
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+ Comment 创建SNI
+ ${addItemList1} Create Dictionary keywordArray=$www.prlib.ru isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${sni} Create Dictionary attributeType=string attributeName=sni appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
+ ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+
+
+ Comment 功能端验证HTTP验证
+ ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
+ ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
+ ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
+ ... ELSE Create List timed out
+ ${rescode} SystemCommands ${commandstr} ${stringlist}
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
+ Should Be Equal As Strings ${returnvalue} true
+
+SecurityPolicy-Deny-SSL-00003
+ [Tags] Deny IP SSL CN
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+
+ Comment 创建CN
+ ${addItemList1} Create Dictionary keywordArray=*prlib.ru isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${cn} Create Dictionary attributeType=string attributeName=cn appId=126 appName=ssl protocol=ssl attributeValue={"string": "www.prlib.ru"}
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
+ ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${cn}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+
+ Comment 功能端验证HTTP验证
+ ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004.bat
+ ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00004_L.bat
+ ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
+ ... ELSE Create List timed out
+ ${rescode} SystemCommands ${commandstr} ${stringlist}
+
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.prlib.ru
+ Should Be Equal As Strings ${returnvalue} true
+
+SecurityPolicy-Deny-SSL-00004
+ [Tags] Deny IP SSL SAN
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+ Comment 创建SAN
+ ${addItemList1} Create Dictionary keywordArray=*austinama.org isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} filterList=${objectId3}|TSG_FIELD_SSL_SAN isValid=${1} appIdObjects=${SSL_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${san} Create Dictionary attributeType=string attributeName=san appId=126 appName=ssl protocol=ssl attributeValue={"string": "austinama.org"}
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
+ ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${san}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+
+ Comment 功能端验证HTTP验证
+ ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat
+ ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat
+ ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
+ ... ELSE Create List timed out
+ ${rescode} SystemCommands ${commandstr} ${stringlist}
+
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org
+ Should Be Equal As Strings ${returnvalue} true
+
+SecurityPolicy-Deny-SSL-00005
+ [Tags] Deny IP SSL
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","method":"drop"} isValid=${1} appIdObjects=${SSL_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "126"}
+ ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination}
+ ${verifySession} Create Dictionary
attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+
+ Comment 功能端验证HTTP验证
+ ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003.bat
+ ... ELSE set variable ${curlbatpath}/command/SecurityPolicy_Deny_SSL_00003_L.bat
+ ${stringlist} run keyword if '${systemType}'=='Windows' Create List timed out
+ ... ELSE Create List timed out
+ ${rescode} SystemCommands ${commandstr} ${stringlist}
+
+ Comment 日志验证
+ #日志验证
+ ${s} Convert to String ${policyIds}
+ ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni austinama.org
+ Should Be Equal As Strings ${returnvalue} true
\ No newline at end of file
diff --git a/01-TestCase/tsg_adc/api_security/DenySipTests.robot b/01-TestCase/tsg_adc/api_security/DenySipTests.robot
new file mode 100644
index 0000000..555e3ab
--- /dev/null
+++ b/01-TestCase/tsg_adc/api_security/DenySipTests.robot
@@ -0,0 +1,138 @@
+*** Settings ***
+Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
+Force Tags tsg_adc tsg_security
+Library OperatingSystem
+Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
+Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
+Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
+Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
+Resource ../../../03-Variable/ApplicationID.txt
+Resource ../../../03-Variable/BifangApiVariable.txt
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
+Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
+Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
+
+*** Variables ***
+${policyIds} ${EMPTY}
+${objectids} ${EMPTY}
+*** Test Cases ***
+SecurityPolicy-Deny-SIP-00001
+ [Tags] Deny IP SIP
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SIP","method":"drop"} isValid=${1} appIdObjects=${SIP_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "120"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+ # Comment 功能端验证
+
+
+ # Comment 日志验证
+ # #日志验证
+ # ${s} Convert to String ${policyIds}
+ # ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
+ # Should Be Equal As Strings ${returnvalue} true
+SecurityPolicy-Deny-FTP-00002
+ [Tags] Deny IP FTP Account URI Content
+ Comment 创建IP
+ ${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId} AddObjects ${1} ${objectDict}
+ ${objectids} set Variable ${objectId}
+
+
+ Comment 创建Originator Description
+ ${addItemList1} Create Dictionary keywordArray=test1 isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
+
+ Comment 创建Responder Description
+ ${addItemList1} Create Dictionary keywordArray=test2 isHexbin=${0}
+ ${addItemLists} Create list ${addItemList1}
+ ${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
+ ${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
+ ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
+
+
+ Comment 创建Deny策略
+ ${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR filterList=${objectId1}|TSG_FIELD_SIP_ORIGINATOR_DESCRIPTION,${objectId2}|TSG_FIELD_SIP_RESPONDER_DESCRIPTION userRegion={"protocol":"SIP","method":"block","code":"480"} isValid=${1} appIdObjects=${SIP_ID}
+ ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
+ ${policyIds} set Variable ${policyId}[0][policyIds][0]
+
+ ${starttime} Get Time
+ #功能端验证
+ Sleep ${policyVerificationSleepSeconds}s
+
+ Comment 策略验证
+ #新增策略验证
+ #创建attributes中的字典
+ ${originator} Create Dictionary attributeType=string attributeName=originator appId=120 appName=SIP attributeValue={"string": "test1"}
+ ${responder} Create Dictionary attributeType=string attributeName=responder appId=120 appName=SIP attributeValue={"string": "test2"}
+ ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
+ ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
+ ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
+ # 合成attributes字典集
+ ${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${originator} ${responder}
+ ${verifySession} Create Dictionary attributes=${attributes}
+ ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
+ log ${verifyList}
+ ${rescode} ${resData} VerifyPolicies ${verifyList}
+ # 打印检查结果
+ ${objectid_verify} Set Variable ${objectids}
+ ${objectid_verify} Catenate SEPARATOR=, ${policyIds}
+ # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
+ log ${objectid_verify}
+ ${testType} Evaluate type($objectid_verify)
+ ${testType} Evaluate type($resData)
+ log ${resData}
+ sleep 5
+ ${ok} VerifyProxy ${resData} ${objectid_verify}
+ Should Be Equal As Strings ${ok} true
+
+ # Comment 功能端验证
+
+
+ # Comment 日志验证
+ # #日志验证
+ # ${s} Convert to String ${policyIds}
+ # ${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
+ # Should Be Equal As Strings ${returnvalue} true
+
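Review bot: In both test cases of DenySipTests.robot the line `${objectid_verify} Catenate SEPARATOR=, ${policyIds}` overwrites the value assigned on the line before it, so `VerifyProxy` is asked about the policy id only and the object ids the test created are never checked; the SSL deny cases earlier on this page use `${objectid_verify}    Catenate    SEPARATOR=,    ${objectid_verify}    ${policyIds}`, which keeps both. The second case also looks copied from an FTP suite: it is named `SecurityPolicy-Deny-FTP-00002`, tagged `FTP Account URI Content`, and sends `app_id` `"104"` while its own originator/responder attributes and the first case use 120 for SIP, so the verify call may be evaluated against a different application than the one the policy targets; `SecurityPolicy-Deny-SIP-00002` with `attributeValue={"string": "120"}` would be consistent. The functional and log verification steps are commented out in both cases (and still reference `ftp_account ftpuser`), so a pass here shows only that the verify API reports a hit, not that SIP traffic was dropped or answered with code 480. Until those steps exist, a comment such as `# TODO: enforcement and security_event_log checks not implemented for SIP` would keep the result from being read as enforcement coverage.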