diff --git a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot index d213812..be31206 100644 --- a/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot +++ b/01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot @@ -11,6 +11,8 @@ Resource ../../../../03-Variable/AllFlowCaseVariable.txt *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} +${url} /policy/profile/responsepages +${profiledId} ${EMPTY} *** Test Cases *** SecurityPolicy-Deny-Http-00001 @@ -28,7 +30,7 @@ SecurityPolicy-Deny-Http-00001 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat ... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset - ... ELSE Create List Connection reset by peer + ... ELSE Create List Message content over the limit has been removed ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -43,7 +45,7 @@ SecurityPolicy-Deny-Http-00002 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} @@ -57,7 +59,7 @@ SecurityPolicy-Deny-Http-00002 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset - ... ELSE Create List Connection reset by peer + ... ELSE Create List Message content over the limit has been removed ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -72,7 +74,7 @@ SecurityPolicy-Deny-Http-00003 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建cat ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} @@ -101,7 +103,7 @@ SecurityPolicy-Deny-Http-00004 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建url ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node.com ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} @@ -130,7 +132,7 @@ SecurityPolicy-Deny-Http-00005 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建url ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*youtube.html ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} @@ -159,7 +161,7 @@ SecurityPolicy-Deny-Http-00006 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建url ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} @@ -172,8 +174,8 @@ SecurityPolicy-Deny-Http-00006 Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html - ${stringlist} run keyword if '${systemType}'=='Windows' Create List when not allowed - ... ELSE Create List when not allowed + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 123123 + ... ELSE Create List 123123 ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -188,7 +190,7 @@ SecurityPolicy-Deny-Http-00007 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建url ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open* ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} @@ -217,7 +219,7 @@ SecurityPolicy-Deny-Http-00008 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建请求头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} @@ -246,7 +248,7 @@ SecurityPolicy-Deny-Http-00009 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建请求头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} @@ -275,21 +277,21 @@ SecurityPolicy-Deny-Http-00010 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建请求头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id} Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00010 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":403,"message":"123123"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00010 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":404,"message":"123123"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2 ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat ... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com - ${stringlist} run keyword if '${systemType}'=='Windows' Create List when not allowed - ... ELSE Create List when not allowed + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 123123 + ... ELSE Create List 123123 ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -304,7 +306,7 @@ SecurityPolicy-Deny-Http-00011 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建请求头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent ${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict} @@ -333,7 +335,7 @@ SecurityPolicy-Deny-Http-00012 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建cookie ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie ${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict} @@ -362,7 +364,7 @@ SecurityPolicy-Deny-Http-00013 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建应答头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=utf-8|Content-Type ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} @@ -391,7 +393,7 @@ SecurityPolicy-Deny-Http-00014 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建应答头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*utf-8|Content-Type ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} @@ -420,7 +422,7 @@ SecurityPolicy-Deny-Http-00015 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建应答头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} @@ -449,7 +451,7 @@ SecurityPolicy-Deny-Http-00016 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建应答头 ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text*|Content-Type ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} @@ -478,7 +480,7 @@ SecurityPolicy-Deny-Http-00017 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建set-cookie ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=4567|Set-Cookie ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} @@ -507,7 +509,7 @@ SecurityPolicy-Deny-Http-00018 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建set-cookie ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*5678|Set-Cookie ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} @@ -536,7 +538,7 @@ SecurityPolicy-Deny-Http-00019 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建set-cookie ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} @@ -565,7 +567,7 @@ SecurityPolicy-Deny-Http-00020 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建set-cookie ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=1234*|Set-Cookie ${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict} @@ -594,7 +596,7 @@ SecurityPolicy-Deny-Http-00021 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建请求体 ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test ${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict} @@ -623,7 +625,7 @@ SecurityPolicy-Deny-Http-00022 Comment 创建目标IP ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 ${rescode} ${objectId} AddObject2 ${1} ${objectDict} - ${objectids} Catenate SEPARATOR=, ${objectId} + ${objectids} set Variable ${objectId} Comment 创建应答体 ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Ұлттық ${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict} @@ -646,3 +648,281 @@ SecurityPolicy-Deny-Http-00022 #日志验证 ${s} Convert to String ${policyId} GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00023 + [Tags] Selfserver Deny Http 最大组合 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} ${object_url_Id} + Comment 创建cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie + ${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} ${object_url_Id} ${object_CK_Id} + Comment 创建应答头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=utf-8|Content-Type + ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} ${object_url_Id} ${object_CK_Id} ${object_CT_Id} + Comment 创建应答体 + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Ұлттық + ${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} ${object_url_Id} ${object_CK_Id} ${object_CT_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00023 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR,${object_RQ_Id} |TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat + ... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Message content over the limit has been removed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00024 + [Tags] selfserver deny Http IP+host block + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00024 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":403,"html_profile":${profiledId}} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable + ... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00025 + [Tags] selfserver deny Http IP+host alert + Comment 创建第二个源IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.10|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00025 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"alert","code":200,"message":"No Content"} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${objectId}|TSG_SECURITY_SOURCE_ADDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat + ... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List No Content + ... ELSE Create List No Content + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00026 + [Tags] selfserver deny Http IP+host alert + Comment 创建第二个源IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.10|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${object_fqdn_Id} + #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00026 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"alert","code":200,"html_profile":${profiledId}} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${objectId}|TSG_SECURITY_SOURCE_ADDR isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat + ... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable + ... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00027 + [Tags] Selfserver Deny Http 最大组合 + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=action + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CK_Id} + Comment 创建set-cookie + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie + ${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id} + Comment 创建请求体 + ${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test + ${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_RQ_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00027 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR,${object_RQ_Id}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat + ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Message content over the limit has been removed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00028 + [Tags] selfserver deny http 多ip+fqdn + Comment 创建第二个源IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.18|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00028 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_SOURCE_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Message content over the limit has been removed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00029 + [Tags] selfserver deny 多协议 ip + Comment 创建目标IP + ${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0 + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + ${objectids} set Variable ${objectId} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00029 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2,3,4,5,6 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Message content over the limit has been removed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + +SecurityPolicy-Deny-Http-00030 + [Tags] selfserver deny http 新增Filter条件 ip+fqdn + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com + ${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=youtube + ${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict} + ${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00030 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Message content over the limit has been removed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com + Comment 修改策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00030 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_SOURCE_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2 + ${rescode} ${policyId} EditPolicy ${1} ${policyDict} update + #删除策略 + ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat + ... ELSE set variable curl http://open.node.com/test/youtube/youtube.html + ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset + ... ELSE Create List Message content over the limit has been removed + ${starttime} Get Time + Sleep ${policyVerificationSleepSeconds}s + ${rescode} SystemCommands ${commandstr} ${stringlist} + Sleep ${policyLogVerificationSleepSeconds}s + ${endtime} Get Time + #日志验证 + ${s} Convert to String ${policyId} + GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com