diff --git a/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot b/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot index 882a3ff..09107d7 100644 --- a/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot +++ b/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot 
@@ -18,17 +18,129 @@ ${url} /policy/profile/responsepages ${profiledId} ${EMPTY} *** Test Cases *** -ZJJ_ProxyPolicy-Replace-Uri-00001 - [Tags] selfserver +ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 + [Tags] selfserver SIP+DIP+URL + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001 + Comment 创建目标IP + ${objectDict} Create Dictionary + ... objectType=ip + ... isValid=1 + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_IPobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} - ${caseName} set variable ZJJ_ProxyPolicy-Replace-Uri-00001 - # 创建对象-IP - # addItemList全参数:(为方便说明,将参数值拆分为几部分,其实际值为单条无空格/回车字符串,每部分内代表的各参数不可跳跃。) - # [addrType]|[protocol]|[direction]|[isSession]# 第一部分(可省略) - # [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]& 第二部分(不可省略) - # [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]| 第三部分(可省略) - # [isInitialize]|[itemName]|[itemDesc], 第四部分(可省略) - # ... + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=open.node.com/action + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + + #创建url + ${objectDict} Create Dictionary + ... objectType=fqdn + ... 
isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_fqdnobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=$open.node.com + ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} + + #${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} + #${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} + #${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} + #${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} + #${data} Create List ${requestbody} + #${response} CreatePolicyFileNoFile ${url} ${data} + #${mirror_profile} Get From Dictionary ${response} profileId + Comment 创建拦截策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=intercept + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + #... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}} + ... 
referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI + ... isValid=1 + ... appObjectIdArray=${3} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + + + Comment 创建带有比例的替换策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=pxy_manipulation + ... policyDesc=${Default_PolicyDesc} + ... action=manipulation + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL + ... isValid=1 + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + ${s} Convert to String ${policyId} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} + #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} + # + #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} + #EditPolicy ${disablePolciy} + Comment 功能端验证SSL验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat + ... 
ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action + + ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel + #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe + #Send failure: Connection was reset Tango Secure Gateway CA + ... ELSE Create List schannel + + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + :FOR ${n} IN RANGE 1000 + SystemCommands ${commandstr} ${stringlist} + END + log endfor + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com + log 22${logsize} +TestLogSize + #日志验证security_event_log + #GetLogListSize proxy_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co + ${logsize} GetLogListSize security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co + log 11${logsize} + ${logsize} GetLogCount security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co + log 22${logsize} +ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 + [Tags] selfserver SIP+DIP+URL+ResHeader+ReqHeader + + ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002 Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip 
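Review bot: Case 00001 never asserts on `${logsize}`, so the 1000-request loop cannot fail if the `"enforcement_ratio":0.1` setting is ignored; the value is only written out with `log 22${logsize}`. A bounded check after `GetLogCount`, for example `Should Be True    50 <= ${logsize} <= 150` (bounds constructed for illustration, to be tuned to the accepted tolerance), would make the ratio part of the verdict. The added `TestLogSize` case looks like a debugging leftover: it queries a fixed 2020-04-28 window with a literal client IP and policy id and asserts nothing, so it should be dropped or parameterised before merge. The non-Windows branch of `${stringlist}` expects `schannel`, which a curl built against OpenSSL would not be expected to print; worth confirming on the Linux runner.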
@@ -57,15 +169,61 @@ ZJJ_ProxyPolicy-Replace-Uri-00001 ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} - Comment 创建安全策略,针对所有协议,相当于BlackIP + #创建Resheader + ${objectDict} Create Dictionary + ... objectType=http_signature + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_http_signatureheaderobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Set-Cookie + ${rescode} ${object_ResH_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResH_Id} + + #创建ReqHeader + ${objectDict} Create Dictionary + ... objectType=http_signature + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_http_signatureheaderobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Cookie + ${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id} + + Comment 创建拦截策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=intercept + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} + ... 
referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR + ... isValid=1 + ... appObjectIdArray=${2},${3} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3]}} + Comment 创建带有替换比例的策略"enforcement_ratio":0.9999 ${policyDict} Create Dictionary ... policyName=${caseName}_IPobject ... policyType=pxy_manipulation - ... policyDesc=${Default_PolicyDesc} + ... policyDesc=${caseName} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} - ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} - ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL + ... 
userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} + ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} 
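Review bot: The intercept policy created in this hunk is stored in `${policyId}`, and the `${policyIds}` list visible in the next hunk's context holds only the `pxy_manipulation` entry, so the TLS-intercept policy appears to drop out of whatever cleanup consumes `${policyIds}`. Case 00001 keeps the two ids apart; doing the same here, with `${rescode}    ${securitypolicyId}    AddPolicy2    ${1}    ${policyDict}` and a final `Create List` holding both the `tsg_security` and `pxy_manipulation` entries, avoids leaving an intercept policy with `"fail_action":"pass-through"` active on the device after the run. The second AddPolicy2 call lies between the hunks, so the overwrite is inferred rather than visible. Both `http_signature` objects also get the same `objectName`, `${caseName}_http_signatureheaderobject`; distinct names would keep them apart if the API enforces uniqueness.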
@@ -78,16 +236,16 @@ ZJJ_ProxyPolicy-Replace-Uri-00001 ${policyIds} Create List {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} # - ${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} - EditPolicy ${disablePolciy} + #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} + #EditPolicy ${disablePolciy} Comment 功能端验证SSL验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat - ... ELSE set variable curl -kv https://open.node.com/ + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat + ... ELSE set variable curl -kv --cookie "JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find汉字 результатом манипуляций&setCookie=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action - ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA replacetest #OpenSSL SSL_connect: Connection was reset in connection to #Send failure: Connection was reset - ... ELSE Create List OpenSSL SSL_connect: Connection reset by peer in connection to + ... ELSE Create List Tango Secure Gateway CA replacetest ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s 
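Review bot: Both branches of `${stringlist}` now require `replacetest` in the curl output, while the policy in the previous hunk keeps `"enforcement_ratio":0.1` although its Comment names 0.9999; if the ratio is honoured, a single request will mostly miss the replacement and the case becomes flaky. Either set the ratio to the value named in the Comment or loop and assert on the hit count. The Windows branch points at `${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat`, and the only batch file visible in this commit is `ZJJ_ProxyPolicy-Replace-00001.bat`, so confirm the 00002 script is committed. The test case body continues outside the hunk.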
@@ -95,6 +253,5 @@ ZJJ_ProxyPolicy-Replace-Uri-00001 Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 - GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com - + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"阿斯蒂","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"find","replace_with":"replace"}],"protocol":"HTTP"},"isValid":0,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":10103,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} \ No newline at end of file diff --git a/01-TestCase/zjj/ZJJ_SecurityPolicy_Http.robot b/01-TestCase/zjj/ZJJ_SecurityPolicy_Http.robot new file mode 100644 index 0000000..17178f0 --- /dev/null +++ b/01-TestCase/zjj/ZJJ_SecurityPolicy_Http.robot 
@@ -0,0 +1,297 @@ +*** Settings *** +#Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags zjj tsg_proxy replace +Library OperatingSystem +Resource ../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../03-Variable/PolicyObjectDefault.txt +Resource ../../02-Keyword/tsg_common/StmpHandle.robot +Resource ../../03-Variable/BifangApiVariable.txt +Resource ../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot +Library Custometest +Library json + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /policy/profile/responsepages +${profiledId} ${EMPTY} + +*** Test Cases *** +ZJJ_SecurityPolicy-Deny-Http-Alert00001 + [Tags] ZJJ HttpAlert + ${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00001 + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=open.node.com/action + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + #${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + ${objectids} set Variable ${object_URL_Id} + + #创建url + ${objectDict} Create Dictionary + ... objectType=fqdn + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_fqdnobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=$open.node.com + ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} + + #创建Resheader + ${objectDict} Create Dictionary + ... 
objectType=http_signature + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_http_signatureheaderobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Set-Cookie + ${rescode} ${object_ResH_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResH_Id} + + #创建ReqHeader + ${objectDict} Create Dictionary + ... objectType=http_signature + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_http_signatureheaderobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=$JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Cookie + ${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id} + + #创建ResBocy + ${objectDict} Create Dictionary + ... objectType=keywords + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_http_keywordsobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=创建ResBocy* + ${rescode} ${object_ResB_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResB_Id} + + #创建ReqBody + ${objectDict} Create Dictionary + ... objectType=keywords + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_http_keywordsobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... 
addItemList=*创建ReqBocy + ${rescode} ${object_ReqB_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqB_Id} + + # 新增 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建Deny策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=deny + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol": "HTTP","method":"alert","code":200,"html_profile":${profiledId}} + ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_FQDN_Id}|TSG_FIELD_HTTP_HOST,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR,${object_ReqB_Id}|TSG_FIELD_HTTP_REQ_CONTENT,${object_ResB_Id}|TSG_FIELD_HTTP_RES_CONTENT + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat + ... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... 
ELSE Create List Connection reset by peer + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + + + + + +ZJJ_SecurityPolicy-Deny-Http-Alert00002 + [Tags] ZJJ HttpAlert + ${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00002 + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=open.node.com + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + #${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + ${objectids} set Variable ${object_URL_Id} + + + # 新增 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建Deny策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=deny + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol": "HTTP","method":"alert","code":200,"html_profile":${profiledId}} + ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... 
scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + +ZJJ_SecurityPolicy-Deny-Http-Alert00003 + [Tags] ZJJ HttpAlert + ${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00003 + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=www.icbc.com.cn + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + #${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + ${objectids} set Variable ${object_URL_Id} + + + # 新增 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建Deny策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=deny + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol": "HTTP","method":"alert","code":204,"html_profile":${profiledId}} + ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + + +ZJJ_SecurityPolicy-Deny-Http-Alert00004 + [Tags] ZJJ HttpAlert + ${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00004 + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... 
isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=www.xiaozhu.com + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + #${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + ${objectids} set Variable ${object_URL_Id} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=deny + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol": "HTTP","method":"alert","code":200,"message":"alerttest200"} + ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} + +ZJJ_SecurityPolicy-Deny-Http-Alert00005 + [Tags] ZJJ HttpAlert + ${caseName} set variable ZJJ_SecurityPolicy-Deny-Http-Alert00005 + #创建url + ${objectDict} Create Dictionary + ... objectType=url + ... isValid=${1} + ... objectSubType=${Default_ObjectSubType} + ... isInitialize=${Default_IsInitialize} + ... isExclusion=${Default_IsExclusion} + ... objectName=${caseName}_URLobject + ... objectDesc=${Default_ObjectDesc} + ... subObjectIds=${Default_SubObjectIds} + ... addItemList=www.sinovision.net + ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} + #${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} + ${objectids} set Variable ${object_URL_Id} + + + Comment 创建Deny策略 + ${policyDict} Create Dictionary + ... policyName=${caseName} + ... policyType=tsg_security + ... policyDesc=${caseName} + ... action=deny + ... effectiveRange=${Default_EffectiveRange} + ... userRegion={"protocol": "HTTP","method":"alert","code":204,"message":"alerttest204"} + ... 
referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL + ... appObjectIdArray=${2} + ... userTags=${Default_UserTags} + ... doLog=${Default_DoLog} + ... scheduleId=${Default_ScheduleId} + + ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} diff --git a/02-Keyword/tsg_bfapi/LogSchema.robot b/02-Keyword/tsg_bfapi/LogSchema.robot index fcb8681..c6a1143 100644 --- a/02-Keyword/tsg_bfapi/LogSchema.robot +++ b/02-Keyword/tsg_bfapi/LogSchema.robot 
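Review bot: `Test Teardown    DeletePolicyAndObject    ${policyIds}    ${objectids}` is commented out in `*** Settings ***`, so every case in this new suite leaves its `action=deny` policy and objects on the gateway, including rules for public hostnames such as `www.icbc.com.cn`; re-enable it or add a per-case `[Teardown]`. In Alert00001 the log check converts `${policyId}`, which this case never assigns (the id returned by AddPolicy2 is `${securitypolicyId}`), so the line should read `${s}    Convert to String    ${securitypolicyId}`. Cases 00002 to 00005 stop after AddPolicy2 and verify neither traffic nor logs, so they only show that the API accepts the policy.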
@@ -31,3 +31,39 @@ PostRemoteData Create Session api http://${host}:${port}/${version} headers=${header} ${remoteResponse} Post Request api ${url} data=${data} headers=${header} [Return] ${remoteResponse} + +GetALLLogCondition + [Arguments] ${logname} ${startTime} ${endTime} ${client_ip} ${policy_id} ${pageSize} ${pageNo} + Set Headers {"Content-Type":"application/x-www-form-urlencoded","Authorization":"${token}"} + &{LogSchemaResponse}= GET /v1/log/schema?logType=${logname} + log ${logname} + #Output Schema response body + Object response body + #Integer $.code 200 + log ${LogSchemaResponse.body['data']} + ${field} Evaluate json.dumps(eval(str(${LogSchemaResponse.body['data']['fields']}))) json + log ${field} + #${pageSize} Set Variable 30 + #${pageNo} Set Variable 1 + ${condition} Set Variable [{"value":["${startTime}","${endTime}"],"symbol":"between","field":"common_recv_time","type":"timestamp"}] + ${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition} ,"common_client_ips":"${client_ip}","common_policy_ids":"${policy_id}"} + log this time query condition:${logCondition} + [Return] ${logCondition} + +GetLogCountConditon + [Arguments] ${logname} ${startTime} ${endTime} ${client_ip} ${policy_id} ${pageSize} ${pageNo} + Set Headers {"Content-Type":"application/x-www-form-urlencoded","Authorization":"${token}"} + &{LogSchemaResponse}= GET /v1/log/schema?logType=${logname} + log ${logname} + #Output Schema response body + Object response body + #Integer $.code 200 + log ${LogSchemaResponse.body['data']} + ${field} Evaluate json.dumps(eval(str(${LogSchemaResponse.body['data']['fields']}))) json + log ${field} + #${pageSize} Set Variable 30 + #${pageNo} Set Variable 1 + ${condition} Set Variable [{"value":["${startTime}","${endTime}"],"symbol":"between","field":"common_recv_time","type":"timestamp"}] + 
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","fields":${field},"start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition} ,"common_client_ips":"${client_ip}","common_policy_ids":"${policy_id}"} + log this time query condition:${logCondition} + [Return] ${logCondition} \ No newline at end of file diff --git a/02-Keyword/tsg_bfapi/LogVariable.robot b/02-Keyword/tsg_bfapi/LogVariable.robot index 62bbc83..9d05bd0 100644 --- a/02-Keyword/tsg_bfapi/LogVariable.robot +++ b/02-Keyword/tsg_bfapi/LogVariable.robot 
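Review bot: `Evaluate    json.dumps(eval(str(${LogSchemaResponse.body['data']['fields']})))    json` runs Python `eval` on text taken from the `/v1/log/schema` response, so whatever that endpoint returns is executed as an expression on the test runner. The value is already a parsed structure; passing the variable by reference avoids both the `eval` and the string substitution: `${field}    Evaluate    json.dumps($LogSchemaResponse.body['data']['fields'])    json`. `GetLogCountConditon` repeats the body of `GetALLLogCondition` line for line, same `eval` included, and is not called anywhere in the visible diff; one keyword would do, and the name carries a typo (`Conditon`).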
@@ -29,4 +29,32 @@ GetLogList Should Contain ${logs}"" ${client_ip} Should Contain ${logs}"" ${policy_id} Should Contain ${logs}"" ${parmkey} - Should Contain ${logs}"${parmkey}" ${parmvalue} \ No newline at end of file + Should Contain ${logs}"${parmkey}" ${parmvalue} + + + +GetLogListSize + [Documentation] + ... 描述:ProxyPinning + ... + [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1 + log ${logCondition} + ${LogListResponse} PostRemoteData /log/list ${logCondition} + Should Be Equal As Strings ${LogListResponse.status_code} 200 + ${returnData} To Json ${LogListResponse.content} + ${data} Get From Dictionary ${returnData} data + ${len} Get Length ${data}[list] + [Return] ${len} + + +GetLogCount + [Arguments] ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} ${parmkey} ${parmvalue} + ${logCondition} GetALLLogCondition ${logType} ${startTime} ${endTime} ${client_ip} ${policy_id} 10000 1 + ${LogListResponse} PostRemoteData /log/count ${logCondition} + Should Be Equal As Strings ${LogListResponse.status_code} 200 + ${returnData} To Json ${LogListResponse.content} + ${len} Set Variable ${LogListResponse.json()}[data][total] + #${len} Get From Dictionary ${returnData} total + [Return] ${len} + \ No newline at end of file diff --git a/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot b/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot index b066bab..9e68200 100644 --- a/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot +++ b/02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot 
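Review bot: `GetLogListSize` and `GetLogCount` take `${parmkey}` and `${parmvalue}` but never use them, so the returned number covers every log for the client IP and policy id in the window, not only those matching the `ssl_sni open.node.com` pair the callers pass. Either add the pair to the query conditions or drop the two arguments so callers are not misled about what is counted. `GetLogCount` also parses `${returnData}` with `To Json` and then ignores it in favour of `${LogListResponse.json()}[data][total]`. The `[Documentation]` on `GetLogListSize` reads `描述:ProxyPinning`, which seems copied from another keyword and should describe what this one returns.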
@@ -103,6 +103,29 @@ CreatePolicyFile3 Log profileId:${profileId} [Return] ${response} +CreatePolicyFileNoFile + [Documentation] + ... 必传参数:url + ... 可选参数:data(不传时使用默认值) + [Arguments] ${url} ${data} + ${suffix} Generate Random String + ${profileName} Catenate SEPARATOR=_ test ${suffix} + ${listlenth}= Get Length ${data} + ${requestbody} Set Variable {"opAction":"add","returnData":1,"trafficMirrorList":[{"profileName":"${profileName}","addrType":"mac","isValid":1,"addrArray":["00:A1:B2:06:C3:29"]}]} + FOR ${var} IN RANGE ${listlenth} + #log ${var} + ${request} Set Variable ${data}[${var}] + END + ${content} Post-Request ${url} ${requestbody} + ${msg} Set Variable ${content['msg']} + ${list} Set Variable ${content['data']['list']} + ${profileId} Set Variable ${list[0]['profileId']} + ${profileName} Set Variable ${list[0]['profileName']} + ${response} Create Dictionary msg=${msg} profileId=${profileId} profileName=${profileName} + Log add operation:${msg} + Log profileId:${profileId} + [Return] ${response} + CreatePolicyMutipartFile [Documentation] ... 必传参数:url、filePath(文件路径)、pubFileName(证书文件名)、priFileName(私钥文件名) diff --git a/03-Variable/PolicyObjectDefault.txt b/03-Variable/PolicyObjectDefault.txt index 0e83bb2..ca65056 100644 --- a/03-Variable/PolicyObjectDefault.txt +++ b/03-Variable/PolicyObjectDefault.txt @@ -9,11 +9,11 @@ ${Default_PolicyDesc} autotest ${Default_Action} deny ${Default_EffectiveRange} Nursurtan|Transtelecom&Astel,|Astel&Transtelecom ${Default_UserRegion} method:rst -${Default_ReferenceObject} 1|TSG_SECURITY_DESTINATION_ADDR +${Default_ReferenceObject} ${EMPTY} ${Default_AppObjectIdArray} 2,3,4,5,6 -${Default_UserTags} 3 -${Default_DoLog} ${2} -${Default_ScheduleId} 7 +${Default_UserTags} 2 +${Default_DoLog} ${1} +${Default_ScheduleId} 1 # 对象 ${Default_ObjectType} ip diff --git a/05-Other/zjj/ZJJ_ProxyPolicy-Replace-00001.bat b/05-Other/zjj/ZJJ_ProxyPolicy-Replace-00001.bat new file mode 100644 index 0000000..1d126e9 --- /dev/null 
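Review bot: `CreatePolicyFileNoFile` requires `${data}` but never sends it: the FOR loop only assigns `${request}` and discards it, and `Post-Request` always posts the hard-coded `trafficMirrorList` body with MAC `00:A1:B2:06:C3:29`. The commented-out caller in ZJJ_ProxyPolicy-Replace.robot passes a decryption-profile body, which would silently be replaced by a traffic-mirror profile. Post the caller's body, for example `${content}    Post-Request    ${url}    ${data}[0]`, or drop the argument and the loop. The `[Documentation]` also calls `data` optional although `[Arguments]` gives it no default.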
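Review bot: These defaults live in a shared resource file, so changing `${Default_ReferenceObject}` to `${EMPTY}`, `${Default_DoLog}` to `${1}` and `${Default_ScheduleId}` to `1` alters every suite that imports PolicyObjectDefault.txt, not only the zjj cases added in this commit. With `${Default_Action}` still `deny`, a policy built purely from defaults now carries no reference object; whether the API rejects that or treats it as unscoped cannot be seen from this diff and should be confirmed before merge. A short comment above the changed values stating what each number means, such as `# doLog: <meaning of 1 vs 2>`, would make the next edit safer.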
+++ b/05-Other/zjj/ZJJ_ProxyPolicy-Replace-00001.bat @@ -0,0 +1 @@ +curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=content-type;charset=utf-8&resBody=Response Body" https://open.node.com/action | iconv -f utf-8 -t gbk \ No newline at end of file
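Review bot: The Windows script sends `contentType=content-type;charset=utf-8`, while the non-Windows command in case 00001 sends `contentType=text/html;charset=UTF-8`, so the two platforms do not exercise the same request; align the `-d` payload with the Robot file. Only stdout passes through `| iconv -f utf-8 -t gbk`, and curl's `-v` diagnostics are written to stderr, so if the expected string (`schannel`) is matched on captured output, check that `SystemCommands` collects stderr as well.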