完善dns用例
This commit is contained in:
姬巍川
@@ -14,7 +14,7 @@ ${objectids} ${EMPTY}
|
||||
|
||||
*** Test Cases ***
|
||||
SecurityPolicy-Deny-DNS-00001
|
||||
[Tags] Selfserver Deny Dns Ip+Fqdn右匹配
|
||||
[Tags] selfserver dns deny ip+fqdn右匹配
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*yhd.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
@@ -39,13 +39,13 @@ SecurityPolicy-Deny-DNS-00001
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname yhd.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00002
|
||||
[Tags] Selfserver Deny Dns Ip+Cat完整匹配
|
||||
Comment 创建fqdn
|
||||
[Tags] selfserver Ip+cat完整匹配 dns deny
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$www.toutiao.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]} isValid=${1} appObjectIdArray=4
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_cat_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
@@ -62,3 +62,201 @@ SecurityPolicy-Deny-DNS-00002
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname toutiao.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00003
|
||||
[Tags] dns deny selfserver 多Ip+fqdn网站匹配
|
||||
Comment 创建第二个源IP
|
||||
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.18|32|0/0
|
||||
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${objectId}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.douban.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":350,"max":350}}]}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME,${objectId}|TSG_SECURITY_SOURCE_ADDR
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.douban.com
|
||||
... ELSE set variable nslookup -d www.douban.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List canonical name = www.taobao.com
|
||||
... ELSE Create List canonical name = www.taobao.com
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.douban.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00004
|
||||
[Tags] selfserver Ip+cat完整匹配 dns deny
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$www.mgtv.com
|
||||
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"A","value":"192.168.50.18","ttl":{"min":400,"max":400}}]}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_cat_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.mgtv.com
|
||||
... ELSE set variable nslookup \ www.mgtv.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.50.18
|
||||
... ELSE Create List 192.168.50.18
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.mgtv.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00005
|
||||
[Tags] selfserver dns deny ip+fqdn右匹配
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*suning.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":500,"max":500}}]}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.suning.com
|
||||
... ELSE set variable nslookup \ www.suning.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:66
|
||||
... ELSE Create List fc00::2:66
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.suning.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00006
|
||||
[Tags] selfserver dns deny Ip+fqdn+cat
|
||||
Comment 创建cat
|
||||
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*suning.com
|
||||
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_cat_Id}
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.mgtv.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":500,"max":500}}]}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.mgtv.com
|
||||
... ELSE set variable nslookup \ www.mgtv.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:66
|
||||
... ELSE Create List fc00::2:66
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.mgtv.com
|
||||
Comment 修改策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"A","value":"192.168.50.18","ttl":{"min":400,"max":400}}]}]} referenceObject=${object_cat_Id}|TSG_FIELD_DNS_QNAME isValid=${1} appObjectIdArray=4 policyId=${policyId}
|
||||
${rescode} ${policyId} EditPolicy ${policyDict} update
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.suning.com
|
||||
... ELSE set variable nslookup \ www.suning.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.50.18
|
||||
... ELSE Create List 192.168.50.18
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.suning.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00007
|
||||
[Tags] selfserver dns deny ip+fqdn右匹配
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*liepin.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.zhihu.com","ttl":{"min":300,"max":300}}],"qtype":"AAAA"}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.liepin.com
|
||||
... ELSE set variable nslookup -d www.liepin.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:66 www.zhihu.com ttl = 300
|
||||
... ELSE Create List fc00::2:66 www.zhihu.com ttl = 300
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname liepin.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00008
|
||||
[Tags] selfserver dns deny ip+fqdn完整匹配
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.zealer.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"A","value":"192.168.50.18","ttl":{"min":500,"max":500}},{"atype":"CNAME","value":"www.bilibili.com","ttl":{"min":500,"max":500}}],"qtype":"A"}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.zealer.com
|
||||
... ELSE set variable nslookup -d www.zealer.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.50.18 www.bilibili.com ttl = 500
|
||||
... ELSE Create List 192.168.50.18 www.bilibili.com ttl = 500
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname zealer.com
|
||||
|
||||
SecurityPolicy-Deny-DNS-00009
|
||||
[Tags] selfserver dns deny ip+fqdn完整匹配
|
||||
Comment 创建fqdn
|
||||
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.douyu.com
|
||||
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
|
||||
${objectids} set Variable ${object_fqdn_Id}
|
||||
Comment 创建安全策略
|
||||
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00009 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":500,"max":500}},{"atype":"CNAME","value":"www.booking.com","ttl":{"min":500,"max":500}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.tuniu.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.50.18","ttl":{"min":500,"max":500}}]}]} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
|
||||
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
|
||||
#删除策略
|
||||
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
|
||||
Comment 功能端验证HTTP验证
|
||||
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.douyu.com
|
||||
... ELSE set variable nslookup -d www.douyu.com
|
||||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.50.18 www.tuniu.com ttl = 500 www.booking.com fc00::2:66
|
||||
... ELSE Create List 192.168.50.18 www.tuniu.com ttl = 500 www.booking.com fc00::2:66
|
||||
${starttime} Get Time
|
||||
Sleep ${policyVerificationSleepSeconds}s
|
||||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||||
Sleep ${policyLogVerificationSleepSeconds}s
|
||||
${endtime} Get Time
|
||||
#日志验证
|
||||
${s} Convert to String ${policyId}
|
||||
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.douyu.com
|
||||
|
||||
Reference in New Issue
Block a user