From 75cb1b5e2808b3891f7b77e9a220e5ce9941474d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A7=AC=E5=B7=8D=E5=B7=9D?= Date: Fri, 24 Apr 2020 10:38:31 +0800 Subject: [PATCH] =?UTF-8?q?deny=E4=B8=ADDNS=E6=B5=8B=E8=AF=95=E5=B7=B2?= =?UTF-8?q?=E9=80=9A=E8=BF=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Api_Security/Deny_DNS_Tests.robot | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot new file mode 100644 index 0000000..a75a488 --- /dev/null +++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot @@ -0,0 +1,64 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags tsg_adc Security_Policy +Library OperatingSystem +Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} + +*** Test Cases *** +SecurityPolicy-Deny-DNS-00001 + [Tags] Selfserver deny DNS ip+fqdn右匹配 + Comment FQDN + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*yhd.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "DNS","method":"drop"} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.yhd.com + ... ELSE set variable nslookup -d www.yhd.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时 + ... ELSE Create List 超时 + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname yhd.com + +SecurityPolicy-Deny-DNS-00002 + [Tags] Selfserver deny DNS ip+cat完整匹配 + Comment FQDN + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$www.toutiao.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]} isValid=${1} appObjectIdArray=4 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.toutiao.com + ... ELSE set variable nslookup -d www.toutiao.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List canonical name =www.vip.com + ... ELSE Create List canonical name =www.vip.com + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname toutiao.com