1、中间件比率测试:只出数据不出结论;增加日志总量查询关键字;
2、制造http支持alert数据; 3、删除策略中目标对象的默认引用
This commit is contained in:
dongxiaoyan
@@ -18,17 +18,129 @@ ${url} /policy/profile/responsepages
|
||||
${profiledId} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
ZJJ_ProxyPolicy-Replace-Uri-00001
|
||||
[Tags] selfserver
|
||||
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
|
||||
[Tags] selfserver SIP+DIP+URL
|
||||
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=ip
|
||||
... isValid=1
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_IPobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
|
||||
${caseName} set variable ZJJ_ProxyPolicy-Replace-Uri-00001
|
||||
# 创建对象-IP
|
||||
# addItemList全参数:(为方便说明,将参数值拆分为几部分,其实际值为单条无空格/回车字符串,每部分内代表的各参数不可跳跃。)
|
||||
# [addrType]|[protocol]|[direction]|[isSession]# 第一部分(可省略)
|
||||
# [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]& 第二部分(不可省略)
|
||||
# [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]| 第三部分(可省略)
|
||||
# [isInitialize]|[itemName]|[itemDesc], 第四部分(可省略)
|
||||
# ...
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=url
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_URLobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=open.node.com/action
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=fqdn
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_fqdnobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=$open.node.com
|
||||
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
|
||||
|
||||
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
|
||||
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
|
||||
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
|
||||
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
|
||||
#${data} Create List ${requestbody}
|
||||
#${response} CreatePolicyFileNoFile ${url} ${data}
|
||||
#${mirror_profile} Get From Dictionary ${response} profileId
|
||||
Comment 创建拦截策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=intercept
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
|
||||
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
|
||||
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
|
||||
... isValid=1
|
||||
... appObjectIdArray=${3}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
|
||||
|
||||
|
||||
Comment 创建带有比例的替换策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=pxy_manipulation
|
||||
... policyDesc=${Default_PolicyDesc}
|
||||
... action=manipulation
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
|
||||
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
|
||||
... isValid=1
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
${s} Convert to String ${policyId}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
|
||||
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
|
||||
#
|
||||
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
|
||||
#EditPolicy ${disablePolciy}
|
||||
Comment 功能端验证SSL验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
|
||||
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
|
||||
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel
|
||||
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
|
||||
#Send failure: Connection was reset Tango Secure Gateway CA
|
||||
... ELSE Create List schannel
|
||||
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
:FOR ${n} IN RANGE 1000
|
||||
SystemCommands ${commandstr} ${stringlist}
|
||||
END
|
||||
log endfor
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
|
||||
log 22${logsize}
|
||||
TestLogSize
|
||||
#日志验证security_event_log
|
||||
#GetLogListSize proxy_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
|
||||
${logsize} GetLogListSize security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
|
||||
log 11${logsize}
|
||||
${logsize} GetLogCount security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
|
||||
log 22${logsize}
|
||||
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
|
||||
[Tags] selfserver SIP+DIP+URL+ResHeader+ReqHeader
|
||||
|
||||
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
|
||||
Comment 创建目标IP
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=ip
|
||||
@@ -57,15 +169,61 @@ ZJJ_ProxyPolicy-Replace-Uri-00001
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
|
||||
Comment 创建安全策略,针对所有协议,相当于BlackIP
|
||||
#创建Resheader
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=http_signature
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_http_signatureheaderobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Set-Cookie
|
||||
${rescode} ${object_ResH_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResH_Id}
|
||||
|
||||
#创建ReqHeader
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=http_signature
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_http_signatureheaderobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Cookie
|
||||
${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id}
|
||||
|
||||
Comment 创建拦截策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=intercept
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
|
||||
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
|
||||
... isValid=1
|
||||
... appObjectIdArray=${2},${3}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3]}}
|
||||
Comment 创建带有替换比例的策略"enforcement_ratio":0.9999
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}_IPobject
|
||||
... policyType=pxy_manipulation
|
||||
... policyDesc=${Default_PolicyDesc}
|
||||
... policyDesc=${caseName}
|
||||
... action=manipulation
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
|
||||
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
|
||||
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
|
||||
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR
|
||||
... isValid=1
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
@@ -78,16 +236,16 @@ ZJJ_ProxyPolicy-Replace-Uri-00001
|
||||
${policyIds} Create List {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
|
||||
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
|
||||
#
|
||||
${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
|
||||
EditPolicy ${disablePolciy}
|
||||
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
|
||||
#EditPolicy ${disablePolciy}
|
||||
Comment 功能端验证SSL验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat
|
||||
... ELSE set variable curl -kv https://open.node.com/
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat
|
||||
... ELSE set variable curl -kv --cookie "JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find汉字 результатом манипуляций&setCookie=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
|
||||
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA replacetest
|
||||
#OpenSSL SSL_connect: Connection was reset in connection to
|
||||
#Send failure: Connection was reset
|
||||
... ELSE Create List OpenSSL SSL_connect: Connection reset by peer in connection to
|
||||
... ELSE Create List Tango Secure Gateway CA replacetest
|
||||
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
@@ -95,6 +253,5 @@ ZJJ_ProxyPolicy-Replace-Uri-00001
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
|
||||
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
|
||||
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"阿斯蒂","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"find","replace_with":"replace"}],"protocol":"HTTP"},"isValid":0,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":10103,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
|
||||
297
01-TestCase/zjj/ZJJ_SecurityPolicy_Http.robot
Normal file
297
01-TestCase/zjj/ZJJ_SecurityPolicy_Http.robot
Normal file
@@ -0,0 +1,297 @@
|
||||
*** Settings ***
|
||||
#Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
|
||||
Force Tags zjj tsg_proxy replace
|
||||
Library OperatingSystem
|
||||
Resource ../../02-Keyword/tsg_adc/SystemCommand.robot
|
||||
Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||||
Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||||
Resource ../../03-Variable/PolicyObjectDefault.txt
|
||||
Resource ../../02-Keyword/tsg_common/StmpHandle.robot
|
||||
Resource ../../03-Variable/BifangApiVariable.txt
|
||||
Resource ../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
|
||||
Library Custometest
|
||||
Library json
|
||||
|
||||
*** Variables ***
|
||||
${policyIds} ${EMPTY}
|
||||
${objectids} ${EMPTY}
|
||||
${url} /policy/profile/responsepages
|
||||
${profiledId} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
ZJJ_SecurityPolicy-Deny-Http-Alert00001
|
||||
[Tags] ZJJ HttpAlert
|
||||
${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00001
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=url
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_URLobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=open.node.com/action
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
#${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
${objectids} set Variable ${object_URL_Id}
|
||||
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=fqdn
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_fqdnobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=$open.node.com
|
||||
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
|
||||
|
||||
#创建Resheader
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=http_signature
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_http_signatureheaderobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Set-Cookie
|
||||
${rescode} ${object_ResH_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResH_Id}
|
||||
|
||||
#创建ReqHeader
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=http_signature
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_http_signatureheaderobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=$JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Cookie
|
||||
${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id}
|
||||
|
||||
#创建ResBocy
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=keywords
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_http_keywordsobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=创建ResBocy*
|
||||
${rescode} ${object_ResB_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResB_Id}
|
||||
|
||||
#创建ReqBody
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=keywords
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_http_keywordsobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=*创建ReqBocy
|
||||
${rescode} ${object_ReqB_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqB_Id}
|
||||
|
||||
# 新增
|
||||
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
|
||||
${profiledId} Get From Dictionary ${response} profileId
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=deny
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol": "HTTP","method":"alert","code":200,"html_profile":${profiledId}}
|
||||
... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_FQDN_Id}|TSG_FIELD_HTTP_HOST,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR,${object_ReqB_Id}|TSG_FIELD_HTTP_REQ_CONTENT,${object_ResB_Id}|TSG_FIELD_HTTP_RES_CONTENT
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
|
||||
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
|
||||
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
|
||||
... ELSE Create List Connection reset by peer
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
ZJJ_SecurityPolicy-Deny-Http-Alert00002
|
||||
[Tags] ZJJ HttpAlert
|
||||
${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00002
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=url
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_URLobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=open.node.com
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
#${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
${objectids} set Variable ${object_URL_Id}
|
||||
|
||||
|
||||
# 新增
|
||||
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
|
||||
${profiledId} Get From Dictionary ${response} profileId
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=deny
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol": "HTTP","method":"alert","code":200,"html_profile":${profiledId}}
|
||||
... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
|
||||
|
||||
ZJJ_SecurityPolicy-Deny-Http-Alert00003
|
||||
[Tags] ZJJ HttpAlert
|
||||
${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00003
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=url
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_URLobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=www.icbc.com.cn
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
#${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
${objectids} set Variable ${object_URL_Id}
|
||||
|
||||
|
||||
# 新增
|
||||
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
|
||||
${profiledId} Get From Dictionary ${response} profileId
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=deny
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol": "HTTP","method":"alert","code":204,"html_profile":${profiledId}}
|
||||
... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
|
||||
|
||||
|
||||
ZJJ_SecurityPolicy-Deny-Http-Alert00004
|
||||
[Tags] ZJJ HttpAlert
|
||||
${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00004
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=url
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_URLobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=www.xiaozhu.com
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
#${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
${objectids} set Variable ${object_URL_Id}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=deny
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol": "HTTP","method":"alert","code":200,"message":"alerttest200"}
|
||||
... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
|
||||
|
||||
ZJJ_SecurityPolicy-Deny-Http-Alert00005
|
||||
[Tags] ZJJ HttpAlert
|
||||
${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00005
|
||||
#创建url
|
||||
${objectDict} Create Dictionary
|
||||
... objectType=url
|
||||
... isValid=${1}
|
||||
... objectSubType=${Default_ObjectSubType}
|
||||
... isInitialize=${Default_IsInitialize}
|
||||
... isExclusion=${Default_IsExclusion}
|
||||
... objectName=${caseName}_URLobject
|
||||
... objectDesc=${Default_ObjectDesc}
|
||||
... subObjectIds=${Default_SubObjectIds}
|
||||
... addItemList=www.sinovision.net
|
||||
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
|
||||
#${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
|
||||
${objectids} set Variable ${object_URL_Id}
|
||||
|
||||
|
||||
Comment 创建Deny策略
|
||||
${policyDict} Create Dictionary
|
||||
... policyName=${caseName}
|
||||
... policyType=tsg_security
|
||||
... policyDesc=${caseName}
|
||||
... action=deny
|
||||
... effectiveRange=${Default_EffectiveRange}
|
||||
... userRegion={"protocol": "HTTP","method":"alert","code":204,"message":"alerttest204"}
|
||||
... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL
|
||||
... appObjectIdArray=${2}
|
||||
... userTags=${Default_UserTags}
|
||||
... doLog=${Default_DoLog}
|
||||
... scheduleId=${Default_ScheduleId}
|
||||
|
||||
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
|
||||
@@ -31,3 +31,39 @@ PostRemoteData
|
||||
Create Session api http://${host}:${port}/${version} headers=${header}
|
||||
${remoteResponse} Post Request api ${url} data=${data} headers=${header}
|
||||
[Return] ${remoteResponse}
|
||||
|
||||
GetALLLogCondition
|
||||
[Arguments] ${logname} ${startTime} ${endTime} ${client_ip} ${policy_id} ${pageSize} ${pageNo}
|
||||
Set Headers {"Content-Type":"application/x-www-form-urlencoded","Authorization":"${token}"}
|
||||
&{LogSchemaResponse}= GET /v1/log/schema?logType=${logname}
|
||||
log ${logname}
|
||||
#Output Schema response body
|
||||
Object response body
|
||||
#Integer $.code 200
|
||||
log ${LogSchemaResponse.body['data']}
|
||||
${field} Evaluate json.dumps(eval(str(${LogSchemaResponse.body['data']['fields']}))) json
|
||||
log ${field}
|
||||
#${pageSize} Set Variable 30
|
||||
#${pageNo} Set Variable 1
|
||||
${condition} Set Variable [{"value":["${startTime}","${endTime}"],"symbol":"between","field":"common_recv_time","type":"timestamp"}]
|
||||
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition} ,"common_client_ips":"${client_ip}","common_policy_ids":"${policy_id}"}
|
||||
log this time query condition:${logCondition}
|
||||
[Return] ${logCondition}
|
||||
|
||||
GetLogCountConditon
|
||||
[Arguments] ${logname} ${startTime} ${endTime} ${client_ip} ${policy_id} ${pageSize} ${pageNo}
|
||||
Set Headers {"Content-Type":"application/x-www-form-urlencoded","Authorization":"${token}"}
|
||||
&{LogSchemaResponse}= GET /v1/log/schema?logType=${logname}
|
||||
log ${logname}
|
||||
#Output Schema response body
|
||||
Object response body
|
||||
#Integer $.code 200
|
||||
log ${LogSchemaResponse.body['data']}
|
||||
${field} Evaluate json.dumps(eval(str(${LogSchemaResponse.body['data']['fields']}))) json
|
||||
log ${field}
|
||||
#${pageSize} Set Variable 30
|
||||
#${pageNo} Set Variable 1
|
||||
${condition} Set Variable [{"value":["${startTime}","${endTime}"],"symbol":"between","field":"common_recv_time","type":"timestamp"}]
|
||||
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition} ,"common_client_ips":"${client_ip}","common_policy_ids":"${policy_id}"}
|
||||
log this time query condition:${logCondition}
|
||||
[Return] ${logCondition}
|
||||
@@ -29,4 +29,32 @@ GetLogList
|
||||
Should Contain ${logs}"" ${client_ip}
|
||||
Should Contain ${logs}"" ${policy_id}
|
||||
Should Contain ${logs}"" ${parmkey}
|
||||
Should Contain ${logs}"${parmkey}" ${parmvalue}
|
||||
Should Contain ${logs}"${parmkey}" ${parmvalue}
|
||||
|
||||
|
||||
|
||||
GetLogListSize
|
||||
[Documentation]
|
||||
... 描述:ProxyPinning
|
||||
...
|
||||
[Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1
|
||||
log ${logCondition}
|
||||
${LogListResponse} PostRemoteData /log/list ${logCondition}
|
||||
Should Be Equal As Strings ${LogListResponse.status_code} 200
|
||||
${returnData} To Json ${LogListResponse.content}
|
||||
${data} Get From Dictionary ${returnData} data
|
||||
${len} Get Length ${data}[list]
|
||||
[Return] ${len}
|
||||
|
||||
|
||||
GetLogCount
|
||||
[Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue}
|
||||
${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1
|
||||
${LogListResponse} PostRemoteData /log/count ${logCondition}
|
||||
Should Be Equal As Strings ${LogListResponse.status_code} 200
|
||||
${returnData} To Json ${LogListResponse.content}
|
||||
${len} Set Variable ${LogListResponse.json()}[data][total]
|
||||
#${len} Get From Dictionary ${returnData} total
|
||||
[Return] ${len}
|
||||
|
||||
@@ -103,6 +103,29 @@ CreatePolicyFile3
|
||||
Log profileId:${profileId}
|
||||
[Return] ${response}
|
||||
|
||||
CreatePolicyFileNoFile
|
||||
[Documentation]
|
||||
... 必传参数:url
|
||||
... 可选参数:data(不传时使用默认值)
|
||||
[Arguments] ${url} ${data}
|
||||
${suffix} Generate Random String
|
||||
${profileName} Catenate SEPARATOR=_ test ${suffix}
|
||||
${listlenth}= Get Length ${data}
|
||||
${requestbody} Set Variable {"opAction":"add","returnData":1,"trafficMirrorList":[{"profileName":"${profileName}","addrType":"mac","isValid":1,"addrArray":["00:A1:B2:06:C3:29"]}]}
|
||||
FOR ${var} IN RANGE ${listlenth}
|
||||
#log ${var}
|
||||
${request} Set Variable ${data}[${var}]
|
||||
END
|
||||
${content} Post-Request ${url} ${requestbody}
|
||||
${msg} Set Variable ${content['msg']}
|
||||
${list} Set Variable ${content['data']['list']}
|
||||
${profileId} Set Variable ${list[0]['profileId']}
|
||||
${profileName} Set Variable ${list[0]['profileName']}
|
||||
${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName}
|
||||
Log add operation:${msg}
|
||||
Log profileId:${profileId}
|
||||
[Return] ${response}
|
||||
|
||||
CreatePolicyMutipartFile
|
||||
[Documentation]
|
||||
... 必传参数:url、filePath(文件路径)、pubFileName(证书文件名)、priFileName(私钥文件名)
|
||||
|
||||
@@ -9,11 +9,11 @@ ${Default_PolicyDesc} autotest
|
||||
${Default_Action} deny
|
||||
${Default_EffectiveRange} Nursurtan|Transtelecom&Astel,|Astel&Transtelecom
|
||||
${Default_UserRegion} method:rst
|
||||
${Default_ReferenceObject} 1|TSG_SECURITY_DESTINATION_ADDR
|
||||
${Default_ReferenceObject} ${EMPTY}
|
||||
${Default_AppObjectIdArray} 2,3,4,5,6
|
||||
${Default_UserTags} 3
|
||||
${Default_DoLog} ${2}
|
||||
${Default_ScheduleId} 7
|
||||
${Default_UserTags} 2
|
||||
${Default_DoLog} ${1}
|
||||
${Default_ScheduleId} 1
|
||||
|
||||
# 对象
|
||||
${Default_ObjectType} ip
|
||||
|
||||
1
05-Other/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
Normal file
1
05-Other/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
Normal file
@@ -0,0 +1 @@
|
||||
curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=content-type;charset=utf-8&resBody=Response Body" https://open.node.com/action | iconv -f utf-8 -t gbk
|
||||
Reference in New Issue
Block a user