From f6c5ee22c8254f5a2178c06239c5b39eac617b51 Mon Sep 17 00:00:00 2001 From: hebingning Date: Wed, 27 Jan 2021 18:18:15 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E7=AD=96=E7=95=A5deny=20dns?= =?UTF-8?q?=E7=94=A8=E4=BE=8B=E8=A1=A5=E5=85=85=EF=BC=9Aip=20learning=20,i?= =?UTF-8?q?p=20geo=20update=20policy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tsg_adc/multi_step/a_Deny_Dns_Tests.robot | 45 +++++++++++++------ .../multi_step/a_Intercept_Http_Tests.robot | 1 + .../tsg_adc/multi_step/b_Deny_Dns_Tests.robot | 39 ++++++++++++---- .../tsg_adc/multi_step/c_Deny_Dns_Tests.robot | 6 ++- .../command/ProxyPolicy_allow_00001_1.bat | 1 + .../SecurityPolicy_Intercept_HTTP_00003.bat | 1 + .../SecurityPolicy_Intercept_HTTP_00004.bat | 1 + 7 files changed, 71 insertions(+), 23 deletions(-) create mode 100644 05-Other/curl/command/ProxyPolicy_allow_00001_1.bat create mode 100644 05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00003.bat create mode 100644 05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00004.bat diff --git a/01-TestCase/tsg_adc/multi_step/a_Deny_Dns_Tests.robot b/01-TestCase/tsg_adc/multi_step/a_Deny_Dns_Tests.robot index b610114..40f3719 100644 --- a/01-TestCase/tsg_adc/multi_step/a_Deny_Dns_Tests.robot +++ b/01-TestCase/tsg_adc/multi_step/a_Deny_Dns_Tests.robot @@ -8,52 +8,71 @@ Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot *** Test Cases *** SecurityPolicy-Deny-Dns-00001 - [Tags] fqdn完整和右匹配 + [Tags] fqdn完整和右匹配,update policy:source ip_geo,fqdn Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.facebook.com,*rutube.ru ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建ip geo + ${addItemList1} Create Dictionary keywordArray=XXG地区.* + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=ip objectSubType=geo_location isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} Comment 创建安全策略 ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} log ${policyDict} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} Get-Pids ${policyId} + ${policyId} Set Variable ${policyId}[0] + #${policyId} Evaluate ${policyId}.replace('[]','') insert_policyId_to_file1 deny_dns_objectId ${objectId} + insert_policyId_to_file1 deny_dns_objectId4 ${objectId1} insert_policyId_to_file1 deny_dns_policyId ${policyId} SecurityPolicy-Deny-Dns-00002 [Tags] cat右和完整匹配 Comment 创建cat - ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*yhd.com,$www.vk.com - ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + # ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*yhd.com,$www.vk.com + # ${rescode} ${objectId} AddObject2 ${1} ${objectDict} Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.jd.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.41.186","ttl":{"min":300,"max":300}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.jd.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.41.186","ttl":{"min":300,"max":300}}]}]} filterList=103|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} log ${policyDict} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 - insert_policyId_to_file1 deny_dns_objectId1 ${objectId} + ${policyId} Get-Pids ${policyId} + ${policyId} Set Variable ${policyId}[0] + #insert_policyId_to_file1 deny_dns_objectId1 ${objectId} insert_policyId_to_file1 deny_dns_policyId1 ${policyId} SecurityPolicy-Deny-Dns-00003 - [Tags] cat右匹配 - Comment 创建cat - ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*ya.ru - ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + [Tags] cat + # ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*ya.ru + # ${rescode} ${objectId} AddObject2 ${1} ${objectDict} Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00003 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:11","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":600,"max":600}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00003 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:11","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":600,"max":600}}]}]} filterList=129|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} log ${policyDict} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 - insert_policyId_to_file1 deny_dns_objectId2 ${objectId} + ${policyId} Get-Pids ${policyId} + ${policyId} Set Variable ${policyId}[0] + #insert_policyId_to_file1 deny_dns_objectId2 ${objectId} insert_policyId_to_file1 deny_dns_policyId2 ${policyId} SecurityPolicy-Deny-Dns-00004 - [Tags] fqdn右匹配 + [Tags] fqdn右匹配 destination:iplearning update fqdn Comment 创建fqdn ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*twitch.tv ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建fqdn2 + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.twitch.tv + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} Comment 创建安全策略 - ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00004 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:22","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.facebook.com","ttl":{"min":400,"max":400}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.ok.ru","ttl":{"min":400,"max":400}},{"atype":"A","value":"192.168.40.110","ttl":{"min":400,"max":400}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00004 destination=164745|TSG_SECURITY_DESTINATION_ADDR policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:22","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.facebook.com","ttl":{"min":400,"max":400}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.ok.ru","ttl":{"min":400,"max":400}},{"atype":"A","value":"192.168.40.110","ttl":{"min":400,"max":400}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} log ${policyDict} ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} Get-Pids ${policyId} + ${policyId} Set Variable ${policyId}[0] insert_policyId_to_file1 deny_dns_objectId3 ${objectId} + insert_policyId_to_file1 deny_dns_objectId5 ${objectId1} insert_policyId_to_file1 deny_dns_policyId3 ${policyId} diff --git a/01-TestCase/tsg_adc/multi_step/a_Intercept_Http_Tests.robot b/01-TestCase/tsg_adc/multi_step/a_Intercept_Http_Tests.robot index 3ea0af7..d639c8c 100644 --- a/01-TestCase/tsg_adc/multi_step/a_Intercept_Http_Tests.robot +++ b/01-TestCase/tsg_adc/multi_step/a_Intercept_Http_Tests.robot @@ -16,6 +16,7 @@ Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody. *** Test Cases *** SecurityPolicy-Intercept-Http-00001 [Tags] fqdn完整匹配 update policy:source geo + Comment 创建ip geo ${addItemList1} Create Dictionary keywordArray=XXG地区.* ${addItemLists} Create list ${addItemList1} ${objectDict} Create Dictionary objectType=ip objectSubType=geo_location isValid=${1} addItemList=${addItemLists} diff --git a/01-TestCase/tsg_adc/multi_step/b_Deny_Dns_Tests.robot b/01-TestCase/tsg_adc/multi_step/b_Deny_Dns_Tests.robot index bd201e1..38700dc 100644 --- a/01-TestCase/tsg_adc/multi_step/b_Deny_Dns_Tests.robot +++ b/01-TestCase/tsg_adc/multi_step/b_Deny_Dns_Tests.robot @@ -5,6 +5,9 @@ Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot +Resource ../../../03-Variable/ApplicationID.txt +Resource ../../../05-Other/AllFlowCaseVariable.txt *** Test Cases *** SecurityPolicy-Deny-Dns-00001 @@ -20,31 +23,47 @@ SecurityPolicy-Deny-Dns-00001 ${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时 ... ELSE Create List canonical name = rutube.ru ${rescode} SystemCommands ${commandstr} ${stringlist} + Comment 改变阻断策略 + ${policyDict} Create Dictionary policyId=${deny_dns_policyId} policyName=SecurityPolicy-Deny-Dns-00001_1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} source=${deny_dns_objectId4}|TSG_SECURITY_SOURCE_LOCATION filterList=${deny_dns_objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} UpdatePolicies 1 ${policyDict} v2 update + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.facebook.com + ... ELSE set variable nslookup www.facebook.com + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时 + ... ELSE Create List canonical name = www.facebook.com + ${rescode} SystemCommands ${commandstr} ${stringlist} + Comment 功能端验证HTTP验证 + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d rutube.ru + ... ELSE set variable nslookup -d rutube.ru + ${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时 + ... ELSE Create List canonical name = rutube.ru + ${rescode} SystemCommands ${commandstr} ${stringlist} SecurityPolicy-Deny-Dns-00002 Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.yhd.com - ... ELSE set variable nslookup -debug -query=A \ www.yhd.com + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.plymouthbaywinery.com 8.8.8.8 + ... ELSE set variable nslookup -debug -query=A \ www.plymouthbaywinery.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.41.186 www.jd.com ttl = 500 ... ELSE Create List 192.168.41.186 www.jd.com ttl = 500 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.vk.com - ... ELSE set variable nslookup -debug -query=A \ www.vk.com + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d sunnybrooktroutclub.com 8.8.8.8 + ... ELSE set variable nslookup -debug -query=A \ sunnybrooktroutclub.com ${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.41.186 www.jd.com ttl = 500 ... ELSE Create List 192.168.41.186 www.jd.com ttl = 500 ${rescode} SystemCommands ${commandstr} ${stringlist} SecurityPolicy-Deny-Dns-00003 Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d ya.ru - ... ELSE set variable nslookup -debug -query=AAAA ya.ru + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d ace188.com 8.8.8.8 + ... ELSE set variable nslookup -debug -query=AAAA harfordemcomm.org ${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:11 www.taobao.com ttl = 400 ... ELSE Create List fc00::2:11 www.taobao.com ttl = 400 ${rescode} SystemCommands ${commandstr} ${stringlist} Comment 功能端验证HTTP验证 - ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d ya.ru - ... ELSE set variable nslookup -debug -query=AAAA ya.ru + ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d huitu.com 8.8.8.8 + ... ELSE set variable nslookup -debug -query=AAAA harfordemcomm.org ${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:11 www.taobao.com ttl = 400 ... ELSE Create List fc00::2:11 www.taobao.com ttl = 400 ${rescode} SystemCommands ${commandstr} ${stringlist} @@ -56,6 +75,10 @@ SecurityPolicy-Deny-Dns-00004 ${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.40.110 www.facebook.com ttl = 400 www.ok.ru fc00::2:22 ... ELSE Create List 192.168.40.110 www.ok.ru ttl = 400 ${rescode} SystemCommands ${commandstr} ${stringlist} + Comment 改变阻断策略 + ${policyDict} Create Dictionary policyId=${deny_dns_policyId3} policyName=SecurityPolicy-Deny-Dns-00004_1 destination=164745|TSG_SECURITY_DESTINATION_ADDR policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:22","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.facebook.com","ttl":{"min":400,"max":400}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.ok.ru","ttl":{"min":400,"max":400}},{"atype":"A","value":"192.168.40.110","ttl":{"min":400,"max":400}}]}]} filterList=${deny_dns_objectId5}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} UpdatePolicies 1 ${policyDict} v2 update Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.twitch.tv ... ELSE set variable nslookup -debug -query=AAAA www.twitch.tv diff --git a/01-TestCase/tsg_adc/multi_step/c_Deny_Dns_Tests.robot b/01-TestCase/tsg_adc/multi_step/c_Deny_Dns_Tests.robot index 4afd6e5..1f28362 100644 --- a/01-TestCase/tsg_adc/multi_step/c_Deny_Dns_Tests.robot +++ b/01-TestCase/tsg_adc/multi_step/c_Deny_Dns_Tests.robot @@ -17,6 +17,7 @@ ${objectids} ${EMPTY} SecurityPolicy-Deny-Dns-00001 #删除对象 ${objectids} set Variable ${deny_dns_objectId} + ${objectids} Catenate SEPARATOR=, ${objectids} ${deny_dns_objectId4} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId}]} ${s} Convert to String ${deny_dns_policyId} @@ -25,7 +26,7 @@ SecurityPolicy-Deny-Dns-00001 SecurityPolicy-Deny-Dns-00002 #删除对象 - ${objectids} set Variable ${deny_dns_objectId1} + #${objectids} set Variable ${deny_dns_objectId1} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId1}]} ${s} Convert to String ${deny_dns_policyId1} @@ -34,7 +35,7 @@ SecurityPolicy-Deny-Dns-00002 SecurityPolicy-Deny-Dns-00003 #删除对象 - ${objectids} set Variable ${deny_dns_objectId2} + # ${objectids} set Variable ${deny_dns_objectId2} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId2}]} ${s} Convert to String ${deny_dns_policyId2} @@ -43,6 +44,7 @@ SecurityPolicy-Deny-Dns-00003 SecurityPolicy-Deny-Dns-00004 #删除对象 ${objectids} set Variable ${deny_dns_objectId3} + ${objectids} Catenate SEPARATOR=, ${objectids} ${deny_dns_objectId5} #删除策略 ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId3}]} ${s} Convert to String ${deny_dns_policyId3} diff --git a/05-Other/curl/command/ProxyPolicy_allow_00001_1.bat b/05-Other/curl/command/ProxyPolicy_allow_00001_1.bat new file mode 100644 index 0000000..14b6634 --- /dev/null +++ b/05-Other/curl/command/ProxyPolicy_allow_00001_1.bat @@ -0,0 +1 @@ +curl -kv https://games.sina.com.cn/ | iconv -f utf-8 -t gbk \ No newline at end of file diff --git a/05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00003.bat b/05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00003.bat new file mode 100644 index 0000000..5ef9233 --- /dev/null +++ b/05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00003.bat @@ -0,0 +1 @@ +curl http://open.node.com/ | iconv -f utf-8 -t gbk \ No newline at end of file diff --git a/05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00004.bat b/05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00004.bat new file mode 100644 index 0000000..8a6f1a6 --- /dev/null +++ b/05-Other/curl/command/SecurityPolicy_Intercept_HTTP_00004.bat @@ -0,0 +1 @@ +curl http://www.zongheng.com/ | iconv -f utf-8 -t gbk \ No newline at end of file