安全策略deny dns用例补充:ip learning ,ip geo update policy

hebingning
2021-01-27 18:18:15 +08:00
parent 4b41fff86f
commit f6c5ee22c8
7 changed files with 71 additions and 23 deletions


@@ -8,52 +8,71 @@ Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
Resource ../../../03-Variable/ApplicationID.txt Resource ../../../03-Variable/ApplicationID.txt
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
*** Test Cases *** *** Test Cases ***
SecurityPolicy-Deny-Dns-00001 SecurityPolicy-Deny-Dns-00001
[Tags] fqdn完整和右匹配 [Tags] fqdn完整和右匹配,update policy:source ip_geo,fqdn
Comment 创建fqdn Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.facebook.com,*rutube.ru ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.facebook.com,*rutube.ru
${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${rescode} ${objectId} AddObject2 ${1} ${objectDict}
Comment 创建ip geo
${addItemList1} Create Dictionary keywordArray=XXG地区.*
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=geo_location isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict}
Comment 创建安全策略 Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
log ${policyDict} log ${policyDict}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyId} Get-Pids ${policyId}
${policyId} Set Variable ${policyId}[0]
#${policyId} Evaluate ${policyId}.replace('[]','')
insert_policyId_to_file1 deny_dns_objectId ${objectId} insert_policyId_to_file1 deny_dns_objectId ${objectId}
insert_policyId_to_file1 deny_dns_objectId4 ${objectId1}
insert_policyId_to_file1 deny_dns_policyId ${policyId} insert_policyId_to_file1 deny_dns_policyId ${policyId}
SecurityPolicy-Deny-Dns-00002 SecurityPolicy-Deny-Dns-00002
[Tags] cat右和完整匹配 [Tags] cat右和完整匹配
Comment 创建cat Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*yhd.com,$www.vk.com # ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*yhd.com,$www.vk.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict} # ${rescode} ${objectId} AddObject2 ${1} ${objectDict}
Comment 创建安全策略 Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.jd.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.41.186","ttl":{"min":300,"max":300}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.jd.com","ttl":{"min":500,"max":500}},{"atype":"A","value":"192.168.41.186","ttl":{"min":300,"max":300}}]}]} filterList=103|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
log ${policyDict} log ${policyDict}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
insert_policyId_to_file1 deny_dns_objectId1 ${objectId} ${policyId} Get-Pids ${policyId}
${policyId} Set Variable ${policyId}[0]
#insert_policyId_to_file1 deny_dns_objectId1 ${objectId}
insert_policyId_to_file1 deny_dns_policyId1 ${policyId} insert_policyId_to_file1 deny_dns_policyId1 ${policyId}
SecurityPolicy-Deny-Dns-00003 SecurityPolicy-Deny-Dns-00003
[Tags] cat右匹配 [Tags] cat
Comment 创建cat # ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*ya.ru
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*ya.ru # ${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
Comment 创建安全策略 Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00003 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:11","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":600,"max":600}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00003 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"fc00::2:11","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.taobao.com","ttl":{"min":600,"max":600}}]}]} filterList=129|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
log ${policyDict} log ${policyDict}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
insert_policyId_to_file1 deny_dns_objectId2 ${objectId} ${policyId} Get-Pids ${policyId}
${policyId} Set Variable ${policyId}[0]
#insert_policyId_to_file1 deny_dns_objectId2 ${objectId}
insert_policyId_to_file1 deny_dns_policyId2 ${policyId} insert_policyId_to_file1 deny_dns_policyId2 ${policyId}
SecurityPolicy-Deny-Dns-00004 SecurityPolicy-Deny-Dns-00004
[Tags] fqdn右匹配 [Tags] fqdn右匹配 destination:iplearning update fqdn
Comment 创建fqdn Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*twitch.tv ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*twitch.tv
${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${rescode} ${objectId} AddObject2 ${1} ${objectDict}
Comment 创建fqdn2
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.twitch.tv
${rescode} ${objectId1} AddObject2 ${1} ${objectDict}
Comment 创建安全策略 Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00004 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:22","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.facebook.com","ttl":{"min":400,"max":400}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.ok.ru","ttl":{"min":400,"max":400}},{"atype":"A","value":"192.168.40.110","ttl":{"min":400,"max":400}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} ${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Dns-00004 destination=164745|TSG_SECURITY_DESTINATION_ADDR policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:22","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.facebook.com","ttl":{"min":400,"max":400}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.ok.ru","ttl":{"min":400,"max":400}},{"atype":"A","value":"192.168.40.110","ttl":{"min":400,"max":400}}]}]} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
log ${policyDict} log ${policyDict}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyId} Get-Pids ${policyId}
${policyId} Set Variable ${policyId}[0]
insert_policyId_to_file1 deny_dns_objectId3 ${objectId} insert_policyId_to_file1 deny_dns_objectId3 ${objectId}
insert_policyId_to_file1 deny_dns_objectId5 ${objectId1}
insert_policyId_to_file1 deny_dns_policyId3 ${policyId} insert_policyId_to_file1 deny_dns_policyId3 ${policyId}
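Review bot: In SecurityPolicy-Deny-Dns-00002 and -00003 the new (right-hand) column comments out the fqdn_category object creation and binds the policy to literal ids, `filterList=103|TSG_FIELD_DNS_QNAME` and `filterList=129|TSG_FIELD_DNS_QNAME`, and -00004 adds `destination=164745|TSG_SECURITY_DESTINATION_ADDR`. Those ids are only meaningful on the environment they were copied from; on any other, the deny policy attaches to a different or missing object and the later DNS checks pass or fail for reasons unrelated to the policy. I would move them into the variable file under descriptive names, for example `${DNS_CATEGORY_OBJECT_ID}` (placeholder name), with a comment stating what each object must contain, and fail the case early when the object is absent. The commented-out `AddObject2` and `insert_policyId_to_file1` lines are better deleted than kept as dead code.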


@@ -16,6 +16,7 @@ Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.
*** Test Cases *** *** Test Cases ***
SecurityPolicy-Intercept-Http-00001 SecurityPolicy-Intercept-Http-00001
[Tags] fqdn完整匹配 update policy:source geo [Tags] fqdn完整匹配 update policy:source geo
Comment 创建ip geo
${addItemList1} Create Dictionary keywordArray=XXG地区.* ${addItemList1} Create Dictionary keywordArray=XXG地区.*
${addItemLists} Create list ${addItemList1} ${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=geo_location isValid=${1} addItemList=${addItemLists} ${objectDict} Create Dictionary objectType=ip objectSubType=geo_location isValid=${1} addItemList=${addItemLists}


@@ -5,6 +5,9 @@ Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
Resource ../../../03-Variable/ApplicationID.txt
Resource ../../../05-Other/AllFlowCaseVariable.txt
*** Test Cases *** *** Test Cases ***
SecurityPolicy-Deny-Dns-00001 SecurityPolicy-Deny-Dns-00001
@@ -20,31 +23,47 @@ SecurityPolicy-Deny-Dns-00001
${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时 ${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时
... ELSE Create List canonical name = rutube.ru ... ELSE Create List canonical name = rutube.ru
${rescode} SystemCommands ${commandstr} ${stringlist} ${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 改变阻断策略
${policyDict} Create Dictionary policyId=${deny_dns_policyId} policyName=SecurityPolicy-Deny-Dns-00001_1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} source=${deny_dns_objectId4}|TSG_SECURITY_SOURCE_LOCATION filterList=${deny_dns_objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
log ${policyDict}
${rescode} UpdatePolicies 1 ${policyDict} v2 update
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.facebook.com
... ELSE set variable nslookup www.facebook.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时
... ELSE Create List canonical name = www.facebook.com
${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d rutube.ru
... ELSE set variable nslookup -d rutube.ru
${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时
... ELSE Create List canonical name = rutube.ru
${rescode} SystemCommands ${commandstr} ${stringlist}
SecurityPolicy-Deny-Dns-00002 SecurityPolicy-Deny-Dns-00002
Comment 功能端验证HTTP验证 Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.yhd.com ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.plymouthbaywinery.com 8.8.8.8
... ELSE set variable nslookup -debug -query=A \ www.yhd.com ... ELSE set variable nslookup -debug -query=A \ www.plymouthbaywinery.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.41.186 www.jd.com ttl = 500 ${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.41.186 www.jd.com ttl = 500
... ELSE Create List 192.168.41.186 www.jd.com ttl = 500 ... ELSE Create List 192.168.41.186 www.jd.com ttl = 500
${rescode} SystemCommands ${commandstr} ${stringlist} ${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 功能端验证HTTP验证 Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.vk.com ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d sunnybrooktroutclub.com 8.8.8.8
... ELSE set variable nslookup -debug -query=A \ www.vk.com ... ELSE set variable nslookup -debug -query=A \ sunnybrooktroutclub.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.41.186 www.jd.com ttl = 500 ${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.41.186 www.jd.com ttl = 500
... ELSE Create List 192.168.41.186 www.jd.com ttl = 500 ... ELSE Create List 192.168.41.186 www.jd.com ttl = 500
${rescode} SystemCommands ${commandstr} ${stringlist} ${rescode} SystemCommands ${commandstr} ${stringlist}
SecurityPolicy-Deny-Dns-00003 SecurityPolicy-Deny-Dns-00003
Comment 功能端验证HTTP验证 Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d ya.ru ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d ace188.com 8.8.8.8
... ELSE set variable nslookup -debug -query=AAAA ya.ru ... ELSE set variable nslookup -debug -query=AAAA harfordemcomm.org
${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:11 www.taobao.com ttl = 400 ${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:11 www.taobao.com ttl = 400
... ELSE Create List fc00::2:11 www.taobao.com ttl = 400 ... ELSE Create List fc00::2:11 www.taobao.com ttl = 400
${rescode} SystemCommands ${commandstr} ${stringlist} ${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 功能端验证HTTP验证 Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d ya.ru ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d huitu.com 8.8.8.8
... ELSE set variable nslookup -debug -query=AAAA ya.ru ... ELSE set variable nslookup -debug -query=AAAA harfordemcomm.org
${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:11 www.taobao.com ttl = 400 ${stringlist} run keyword if '${systemType}'=='Windows' Create List fc00::2:11 www.taobao.com ttl = 400
... ELSE Create List fc00::2:11 www.taobao.com ttl = 400 ... ELSE Create List fc00::2:11 www.taobao.com ttl = 400
${rescode} SystemCommands ${commandstr} ${stringlist} ${rescode} SystemCommands ${commandstr} ${stringlist}
@@ -56,6 +75,10 @@ SecurityPolicy-Deny-Dns-00004
${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.40.110 www.facebook.com ttl = 400 www.ok.ru fc00::2:22 ${stringlist} run keyword if '${systemType}'=='Windows' Create List 192.168.40.110 www.facebook.com ttl = 400 www.ok.ru fc00::2:22
... ELSE Create List 192.168.40.110 www.ok.ru ttl = 400 ... ELSE Create List 192.168.40.110 www.ok.ru ttl = 400
${rescode} SystemCommands ${commandstr} ${stringlist} ${rescode} SystemCommands ${commandstr} ${stringlist}
Comment 改变阻断策略
${policyDict} Create Dictionary policyId=${deny_dns_policyId3} policyName=SecurityPolicy-Deny-Dns-00004_1 destination=164745|TSG_SECURITY_DESTINATION_ADDR policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"redirect","resolution":[{"answer":[{"atype":"AAAA","value":"fc00::2:22","ttl":{"min":400,"max":400}},{"atype":"CNAME","value":"www.facebook.com","ttl":{"min":400,"max":400}}],"qtype":"AAAA"},{"qtype":"A","answer":[{"atype":"CNAME","value":"www.ok.ru","ttl":{"min":400,"max":400}},{"atype":"A","value":"192.168.40.110","ttl":{"min":400,"max":400}}]}]} filterList=${deny_dns_objectId5}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID}
log ${policyDict}
${rescode} UpdatePolicies 1 ${policyDict} v2 update
Comment 功能端验证HTTP验证 Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.twitch.tv ${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.twitch.tv
... ELSE set variable nslookup -debug -query=AAAA www.twitch.tv ... ELSE set variable nslookup -debug -query=AAAA www.twitch.tv
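Review bot: The checks added after `UpdatePolicies` in SecurityPolicy-Deny-Dns-00001 expect the same strings as the visible check before the update (`超时` on Windows, `canonical name = rutube.ru` otherwise), so they pass whether or not the new `source=${deny_dns_objectId4}|TSG_SECURITY_SOURCE_LOCATION` condition was applied; the update in -00004 has the same shape. `${rescode}` from `UpdatePolicies` is also not asserted in these hunks, unless the keyword does that internally. A lookup from a client outside the geo object that is expected to resolve normally would show the source condition is actually enforced, and a line such as `Should Be Equal As Strings    ${rescode}    <expected code>` after the update would catch a rejected request. The test-case bodies continue outside the hunks, so an existing assertion may not be visible here.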


@@ -17,6 +17,7 @@ ${objectids} ${EMPTY}
SecurityPolicy-Deny-Dns-00001 SecurityPolicy-Deny-Dns-00001
#删除对象 #删除对象
${objectids} set Variable ${deny_dns_objectId} ${objectids} set Variable ${deny_dns_objectId}
${objectids} Catenate SEPARATOR=, ${objectids} ${deny_dns_objectId4}
#删除策略 #删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId}]} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId}]}
${s} Convert to String ${deny_dns_policyId} ${s} Convert to String ${deny_dns_policyId}
@@ -25,7 +26,7 @@ SecurityPolicy-Deny-Dns-00001
SecurityPolicy-Deny-Dns-00002 SecurityPolicy-Deny-Dns-00002
#删除对象 #删除对象
${objectids} set Variable ${deny_dns_objectId1} #${objectids} set Variable ${deny_dns_objectId1}
#删除策略 #删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId1}]} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId1}]}
${s} Convert to String ${deny_dns_policyId1} ${s} Convert to String ${deny_dns_policyId1}
@@ -34,7 +35,7 @@ SecurityPolicy-Deny-Dns-00002
SecurityPolicy-Deny-Dns-00003 SecurityPolicy-Deny-Dns-00003
#删除对象 #删除对象
${objectids} set Variable ${deny_dns_objectId2} # ${objectids} set Variable ${deny_dns_objectId2}
#删除策略 #删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId2}]} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId2}]}
${s} Convert to String ${deny_dns_policyId2} ${s} Convert to String ${deny_dns_policyId2}
@@ -43,6 +44,7 @@ SecurityPolicy-Deny-Dns-00003
SecurityPolicy-Deny-Dns-00004 SecurityPolicy-Deny-Dns-00004
#删除对象 #删除对象
${objectids} set Variable ${deny_dns_objectId3} ${objectids} set Variable ${deny_dns_objectId3}
${objectids} Catenate SEPARATOR=, ${objectids} ${deny_dns_objectId5}
#删除策略 #删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId3}]} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${deny_dns_policyId3}]}
${s} Convert to String ${deny_dns_policyId3} ${s} Convert to String ${deny_dns_policyId3}
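Review bot: In SecurityPolicy-Deny-Dns-00002 and -00003 the new column comments out `${objectids} set Variable ${deny_dns_objectId1}` (and `…objectId2`), so whatever later step consumes `${objectids}` now receives the suite default, which the first hunk header shows as `${objectids} ${EMPTY}`. The deletion call itself is outside these hunks, so confirm it skips cleanly on an empty id list instead of sending a delete request with an empty or malformed body. If objects are no longer created for these two cases, I would remove the `#删除对象` step for them entirely and add a comment such as `# object 103 is pre-provisioned and must not be deleted` so the intent is explicit.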


@@ -0,0 +1 @@
curl -kv https://games.sina.com.cn/ | iconv -f utf-8 -t gbk
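Review bot: `curl -kv` turns off certificate verification, so this command succeeds whichever certificate the connection presents and cannot by itself show that the response came through the expected intercepting device. If the case is meant to confirm interception, trusting only the test CA makes the check meaningful: `curl -v --cacert <path-to-test-ca.pem> https://games.sina.com.cn/ | iconv -f utf-8 -t gbk`. The exit status of the pipeline is that of `iconv`, so a failed `curl` is only visible through the expected-string match; a short comment in the file saying which output line the case relies on would help.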


@@ -0,0 +1 @@
curl http://open.node.com/ | iconv -f utf-8 -t gbk


@@ -0,0 +1 @@
curl http://www.zongheng.com/ | iconv -f utf-8 -t gbk