diff --git a/01-TestCase/tsg_adc/selfserver/Api_Proxy/Hijack_Ssl_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Proxy/Hijack_Ssl_Tests.robot new file mode 100644 index 0000000..8128b0e --- /dev/null +++ b/01-TestCase/tsg_adc/selfserver/Api_Proxy/Hijack_Ssl_Tests.robot @@ -0,0 +1,826 @@ +*** Settings *** +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} +Force Tags tsg_adc proxy_policy +Library OperatingSystem +Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot +Resource ../../../../03-Variable/AllFlowCaseVariable.txt + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} /policy/profile/hijackfiles +${profiledId} ${EMPTY} + +*** Test Cases *** +ProxyPolicy-Hijack-Ssl-00001 + [Tags] selfserver ip ssl Hijack + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test.apk hijack {"isValid":1,"contentType":"application/vnd.android.package-archive","opAction":"add","profileName":"test","contentName":"Create-Hijack Files-test.apk","profileId":null,"returnData":1} + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List Content-Disposition: filename="Create-Hijack\bFiles-test.apk" Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List Content-Disposition: filename="Create-Hijack\bFiles-test.apk" Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00002 + [Tags] selfserver ip+fqdn完整匹配 ssl Hijack + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By \ \ Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00003 + [Tags] selfserver ip+cat右匹配 ssl Hijack + Comment 创建cat + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com + ${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_cat_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + @{stringlist} run keyword if '${systemType}'=='Windows' Create List Content-Disposition: filename="Create-Hijack\bFiles-test-1.exe" Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List Content-Disposition: filename="Create-Hijack\bFiles-test-1.exe" Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00004 + [Tags] selfserver ssl Hijack ip+url右匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List Content-Disposition: filename="Create-Hijack\bFiles-test-6.svg" Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List Content-Disposition: filename="Create-Hijack\bFiles-test-6.svg" Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00005 + [Tags] selfserver ssl Hijack ip+url字串匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List Content-Disposition: filename="Create-Hijack\bFiles-test-5.png" Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List Content-Disposition: filename="Create-Hijack\bFiles-test-5.png" Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00006 + [Tags] selfserver ssl Hijack ip+url完整匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List Content-Disposition: filename="Create-Hijack\bFiles-test-4.jpeg" Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List Content-Disposition: filename="Create-Hijack\bFiles-test-4.jpeg" Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00007 + [Tags] selfserver ssl Hijack ip+url左匹配 + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node* + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + @{stringlist} run keyword if '${systemType}'=='Windows' Create List Content-Disposition: filename="Create-Hijack\bFiles-test-2.gif Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List Content-Disposition: filename="Create-Hijack\bFiles-test-2.gif Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00008 + [Tags] selfserver ssl Hijack ip+请求头右匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + @{stringlist} run keyword if '${systemType}'=='Windows' Create List open.node.com X-TG-Construct-By Tango Secure Gateway CA + ... ELSE Create List open.node.com X-TG-Construct-By Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00009 + [Tags] selfserver ssl Hijack ip+请求头字串匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json X-TG-Construct-By Tango Secure Gateway CA + ... ELSE Create List text/json X-TG-Construct-By Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00010 + [Tags] selfserver ssl Hijack ip+请求头完整匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + @{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送GET请求 X-TG-Construct-By Tango Secure Gateway CA + ... ELSE Create List 发送GET请求 X-TG-Construct-By Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00011 + [Tags] selfserver ssl Hijack ip+请求头左匹配 + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat + ... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json X-TG-Construct-By Tango Secure Gateway CA + ... ELSE Create List Create List text/json X-TG-Construct-By Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00012 + [Tags] selfserver ssl Hijack ip+cookie字串匹配 + Comment 创建cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat + ... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00013 + [Tags] selfserver ssl Hijack ip+应答头右匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List онлайнвхорошемкачествеслюбыхустройст Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List онлайнвхорошемкачествеслюбыхустройст Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00014 + [Tags] selfserver ssl Hijack ip+应答头字串匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List 你好五一 Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List 你好五一 Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00015 + [Tags] selfserver ssl Hijack ip+应答头完整匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00016 + [Tags] selfserver ssl Hijack ip+应答头左匹配 + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat + ... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00017 + [Tags] selfserver ssl Hijack ip+set-cookie右匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00018 + [Tags] selfserver ssl Hijack ip+set-cookie字串匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + @{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送GET请求 Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List 发送GET请求 Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00019 + [Tags] selfserver ssl Hijack ip+set-cookie完整匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat + ... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action + @{stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List zxcvbnm Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00020 + [Tags] selfserver ssl Hijack ip+set-cookie左匹配 + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat + ... ELSE set variable curl -kv https://open.node.com/ + @{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +ProxyPolicy-Hijack-Ssl-00021 + [Tags] selfserver 最大组合 ssl Hijack + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type + ${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id} + Comment 创建hijack文件 + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]} + ${policyIds} Create List ${policyId1} + Comment 创建管控策略 + ${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR + ${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]} + ${policyIds} Create List ${policyId1} ${policyId2} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-SSL-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action + @{stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm X-TG-Construct-By Tango Secure Gateway CA + ... ELSE Create List zxcvbnm X-TG-Construct-By Tango Secure Gateway CA + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommand ${commandstr} @{stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId3} + GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com