gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

提交allow和deny策略用例

Browse Source
This commit is contained in:
lyf
2021-05-06 09:24:49 +08:00
parent ca1bd18563
commit 63ae9e020d
10 changed files with 1055 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

504
01-TestCase/tsg_adc/api_security/DenyFtpTests.robot
View File

@@ -1,157 +1,347 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Library Custometest
*** Test Cases ***
SecurityPolicy-Deny-FTP-00001
[Tags] Deny Sub_Account
# #创建对象 Sub
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Sub_Id}
# ${objectids} set Variable ${object_Sub_Id}
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 登录
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
SecurityPolicy-Deny-FTP-00002
[Tags] Deny URI_Content
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象 URI
${rescodeip} ${object_URI_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_URI","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*771.txt"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_URI_Id}
${objectids} set Variable ${object_URI_Id}
#创建对象 Content
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Content_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 下载
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt
SecurityPolicy-Deny-FTP-00003
[Tags] Deny Sub_Account
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 登录
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
SecurityPolicy-Deny-FTP-00004
[Tags] Deny Sub_Account
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP_login ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" Graphical (Xorg) program starter for ADRIANE
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
SecurityPolicy-Deny-FTP-00005
[Tags] Deny Sub_Account
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP_down ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" 435814 zmmtext123.txt
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt
*** Settings ***
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
Resource ../../../03-Variable/ApplicationID.txt
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-FTP-00001
[Tags] Deny IP FTP
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true
SecurityPolicy-Deny-FTP-00002
[Tags] Deny IP FTP Account URI Content
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Account
${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建URI
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
Comment 创建Content
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${Content} ${Account}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true
SecurityPolicy-Deny-FTP-00003
[Tags] Deny IP FTP Account
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Account
${addItemList1} Create Dictionary keywordArray=*bellaircraftmuseum.org isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${Account} Create Dictionary attributeType=string attributeName=account appId=104 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Account}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
SecurityPolicy-Deny-FTP-00004
[Tags] Deny IP FTP URI
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建URI
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${url} Create Dictionary attributeType=string attributeName=url appId=104 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true
SecurityPolicy-Deny-FTP-00005
[Tags] Deny IP FTP Content
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Content
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${Content} Create Dictionary attributeType=string attributeName=content appId=104 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "104"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Content}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true