From 9f78d943a957ac3a4cd20ed570e1a07fff269152 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A7=AC=E5=B7=8D=E5=B7=9D?= <jiweichuan@zdjizhi.com>
Date: Sat, 9 May 2020 19:25:12 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84dns=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Api_Security/Deny_DNS_Tests.robot         | 210 +++++++++++++++++-
 1 file changed, 204 insertions(+), 6 deletions(-)

diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot
index 76994f2..7a58e49 100644
--- a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot
+++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot
@@ -14,7 +14,7 @@ ${objectids}      ${EMPTY}
 
 *** Test Cases ***
 SecurityPolicy-Deny-DNS-00001
-    [Tags]    Selfserver    Deny    Dns    Ip+Fqdn右匹配
+    [Tags]    selfserver    dns    deny    ip+fqdn右匹配
     Comment    创建fqdn
     ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*yhd.com
     ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
@@ -39,13 +39,13 @@ SecurityPolicy-Deny-DNS-00001
     GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    yhd.com
 
 SecurityPolicy-Deny-DNS-00002
-    [Tags]    Selfserver    Deny    Dns    Ip+Cat完整匹配
-    Comment    创建fqdn
+    [Tags]    selfserver    Ip+cat完整匹配    dns    deny
+    Comment    创建cat
     ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$www.toutiao.com
-    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
-    ${objectids}    set Variable    ${object_fqdn_Id}
+    ${rescode}    ${object_cat_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_cat_Id}
     Comment    创建安全策略
-    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00001    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]}    isValid=${1}    appObjectIdArray=4
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00002    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_cat_Id}|TSG_FIELD_DNS_QNAME
     ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
     #删除策略
     ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
@@ -62,3 +62,201 @@ SecurityPolicy-Deny-DNS-00002
     #日志验证
     ${s}    Convert to String    ${policyId}
     GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    toutiao.com
+
+SecurityPolicy-Deny-DNS-00003
+    [Tags]    dns    deny    selfserver    多Ip+fqdn网站匹配
+    Comment    创建第二个源IP
+    ${objectDict}    Create Dictionary    objectType=ip    isValid=${1}    addItemList=CIDR|192.168.50.18|32|0/0
+    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${objectId}
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=$www.douban.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00003    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":350,"max":350}}]}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME,${objectId}|TSG_SECURITY_SOURCE_ADDR
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.douban.com
+    ...    ELSE    set variable    nslookup -d www.douban.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    canonical name = www.taobao.com
+    ...    ELSE    Create List    canonical name = www.taobao.com
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.douban.com
+
+SecurityPolicy-Deny-DNS-00004
+    [Tags]    selfserver    Ip+cat完整匹配    dns    deny
+    Comment    创建cat
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=$www.mgtv.com
+    ${rescode}    ${object_cat_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_cat_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00004    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"A","value":"192.168.50.18","ttl":{"min":400,"max":400}}]}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_cat_Id}|TSG_FIELD_DNS_QNAME
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.mgtv.com
+    ...    ELSE    set variable    nslookup \ www.mgtv.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    192.168.50.18
+    ...    ELSE    Create List    192.168.50.18
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.mgtv.com
+
+SecurityPolicy-Deny-DNS-00005
+    [Tags]    selfserver    dns    deny    ip+fqdn右匹配
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*suning.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00005    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":500,"max":500}}]}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.suning.com
+    ...    ELSE    set variable    nslookup \ www.suning.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    fc00::2:66
+    ...    ELSE    Create List    fc00::2:66
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.suning.com
+
+SecurityPolicy-Deny-DNS-00006
+    [Tags]    selfserver    dns    deny    Ip+fqdn+cat
+    Comment    创建cat
+    ${objectDict}    Create Dictionary    objectType=fqdn_category    isValid=${1}    addItemList=*suning.com
+    ${rescode}    ${object_cat_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_cat_Id}
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=$www.mgtv.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00006    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":500,"max":500}}]}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.mgtv.com
+    ...    ELSE    set variable    nslookup \ www.mgtv.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    fc00::2:66
+    ...    ELSE    Create List    fc00::2:66
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.mgtv.com
+    Comment    修改策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00006    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"A","value":"192.168.50.18","ttl":{"min":400,"max":400}}]}]}    referenceObject=${object_cat_Id}|TSG_FIELD_DNS_QNAME    isValid=${1}    appObjectIdArray=4    policyId=${policyId}
+    ${rescode}    ${policyId}    EditPolicy    ${policyDict}    update
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.suning.com
+    ...    ELSE    set variable    nslookup \ www.suning.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    192.168.50.18
+    ...    ELSE    Create List    192.168.50.18
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.suning.com
+
+SecurityPolicy-Deny-DNS-00007
+    [Tags]    selfserver    dns    deny    ip+fqdn右匹配
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=*liepin.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00007    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.zhihu.com","ttl":{"min":300,"max":300}}],"qtype":"AAAA"}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.liepin.com
+    ...    ELSE    set variable    nslookup -d www.liepin.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    fc00::2:66    www.zhihu.com    ttl = 300
+    ...    ELSE    Create List    fc00::2:66    www.zhihu.com    ttl = 300
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    liepin.com
+
+SecurityPolicy-Deny-DNS-00008
+    [Tags]    selfserver    dns    deny    ip+fqdn完整匹配
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=$www.zealer.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00008    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"A","value":"192.168.50.18","ttl":{"min":500,"max":500}},{"atype":"CNAME","value":"www.bilibili.com","ttl":{"min":500,"max":500}}],"qtype":"A"}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.zealer.com
+    ...    ELSE    set variable    nslookup -d www.zealer.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    192.168.50.18    www.bilibili.com    ttl = 500
+    ...    ELSE    Create List    192.168.50.18    www.bilibili.com    ttl = 500
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    zealer.com
+
+SecurityPolicy-Deny-DNS-00009
+    [Tags]    selfserver    dns    deny    ip+fqdn完整匹配
+    Comment    创建fqdn
+    ${objectDict}    Create Dictionary    objectType=fqdn    isValid=${1}    addItemList=$www.douyu.com
+    ${rescode}    ${object_fqdn_Id}    AddObject2    ${1}    ${objectDict}
+    ${objectids}    set Variable    ${object_fqdn_Id}
+    Comment    创建安全策略
+    ${policyDict}    Create Dictionary    policyName=SecurityPolicy-Deny-DNS-00009    policyType=tsg_security    policyDesc=autotest    userTags=    action=deny    effectiveRange=    userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:66","ttl":{"min":500,"max":500}},{"atype":"CNAME","value":"www.booking.com","ttl":{"min":500,"max":500}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.tuniu.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.50.18","ttl":{"min":500,"max":500}}]}]}    isValid=${1}    appObjectIdArray=4    referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
+    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
+    #删除策略
+    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${policyId}]}
+    Comment    功能端验证HTTP验证
+    ${commandstr}    run keyword if    '${systemType}'=='Windows'    set variable    nslookup -d www.douyu.com
+    ...    ELSE    set variable    nslookup -d www.douyu.com
+    ${stringlist}    run keyword if    '${systemType}'=='Windows'    Create List    192.168.50.18    www.tuniu.com    ttl = 500    www.booking.com    fc00::2:66
+    ...    ELSE    Create List    192.168.50.18    www.tuniu.com    ttl = 500    www.booking.com    fc00::2:66
+    ${starttime}    Get Time
+    Sleep    ${policyVerificationSleepSeconds}s
+    ${rescode}    SystemCommands    ${commandstr}    ${stringlist}
+    Sleep    ${policyLogVerificationSleepSeconds}s
+    ${endtime}    Get Time
+    #日志验证
+    ${s}    Convert to String    ${policyId}
+    GetLogList    security_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    dns_qname    www.douyu.com