gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: gfwleak:master
Branches Tags
gfwleak:master gfwleak:develop gfwleak:20-06dev gfwleak:deploy gfwleak:20-05dev gfwleak:20-04dev gfwleak:patch-2 gfwleak:patch-1
...
pull from: gfwleak:20-04dev
Branches Tags
gfwleak:develop gfwleak:20-06dev gfwleak:deploy gfwleak:20-05dev gfwleak:20-04dev gfwleak:patch-2 gfwleak:patch-1 gfwleak:master

270 Commits
master ... 20-04dev

Author SHA1 Message Date
姬巍川
70b4c4576f 修改策略添加条件成功 2020-05-07 20:34:38 +08:00
dongxiaoyan
8ccae9a967 1、策略修改接口不支持返回数据,所以删除修改时的是否返回数据参数; 
2、修改拼接对象json时把policyid置空逻辑为修改不置空,新增置空
 2020-05-07 20:00:23 +08:00
dongxiaoyan
3734bbd3cf 调整公共方法适应修改策略 2020-05-07 19:50:49 +08:00
姬巍川
60cba6422c 修改引用错误 2020-05-07 19:22:54 +08:00
姬巍川
50c41d3f54 Replace Deny_Http_Tests.robot 2020-05-07 19:06:47 +08:00
姬巍川
3e18fdbb19 修改错误删除对象 2020-05-07 19:06:16 +08:00
姬巍川
f0f44a49ba 添加多条件策略,添加block、alert策略,修改策略修改失败 2020-05-07 18:52:03 +08:00
dongxiaoyan
7886a49d47 主动防御策略,只是示例,不包括功能端验证,不包括接口边界测试等 2020-05-07 18:01:59 +08:00
dongxiaoyan
670e79b7d5 删除数据结果在指定时间范围内容的限制,因数据不一定有最近时间范围内的 2020-05-07 17:33:21 +08:00
dongxiaoyan
aebe473065 1、调整策略修改方法,和新增入参一致 
2、删除策略新增必填时间计划
 2020-05-07 17:23:25 +08:00
dongxiaoyan
e2564084d2 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-05-07 09:54:19 +08:00
姬巍川
c711a0a5c0 修改大小写标签 2020-05-06 19:41:49 +08:00
姬巍川
47f8d9d315 修改大小写标签 2020-05-06 19:41:28 +08:00
姬巍川
110d08717e 修改大小写标签 2020-05-06 19:41:09 +08:00
姬巍川
c149041daa 修改大小写标签 2020-05-06 19:40:40 +08:00
姬巍川
cd38570d41 修改大小写标签 2020-05-06 19:40:11 +08:00
姬巍川
7dba113050 添加俄文验证,修改大小写标签 2020-05-06 19:39:41 +08:00
姬巍川
ea8934750b Replace Hijack_Ssl_Tests.robot 2020-05-06 19:39:16 +08:00
姬巍川
a277fec4ef 修改大小写标签 2020-05-06 19:38:55 +08:00
姬巍川
20bd4c05a5 修改大小写标签 2020-05-06 19:38:15 +08:00
姬巍川
a9631b3a80 添加俄文验证,修改大小写标签 2020-05-06 19:37:41 +08:00
姬巍川
75e83e4ff8 Upload New File 2020-05-06 16:51:27 +08:00
dongxiaoyan
3559edfb61 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-05-06 12:38:45 +08:00
yyq
019f13aad2 日志统计代码完善 2020-05-06 10:08:06 +08:00
姬巍川
738ebcaf23 已进行验证 2020-05-05 20:08:00 +08:00
姬巍川
4b768c5865 已进行验证 2020-05-05 20:07:22 +08:00
姬巍川
5870b5fd63 部分未通过,需要进一步排查 2020-05-05 20:06:52 +08:00
姬巍川
4fbf43c11a 部分未通过,需要进一步排查 2020-05-05 20:06:04 +08:00
姬巍川
3c06ba5239 已进行功能验证 2020-04-30 19:35:40 +08:00
姬巍川
611280de40 已进行功能验证 2020-04-30 19:35:20 +08:00
yyq
dd10615b4c Revert "日志统计查询时最近一小时、一天、一周、一个月、一年" 
This reverts commit 4248f1a1
 2020-04-30 18:54:11 +08:00
unknown
a0be640e08 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest into develop 2020-04-30 18:45:05 +08:00
unknown
4248f1a14a 日志统计查询时最近一小时、一天、一周、一个月、一年 2020-04-30 18:44:54 +08:00
dongxiaoyan
4f6b2f10fa Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-30 18:00:35 +08:00
姬巍川
e898915184 hijack动作ssl已进行功能验证 2020-04-30 16:39:17 +08:00
姬巍川
098735f702 hijack动作http已进行功能验证 2020-04-30 16:38:33 +08:00
姬巍川
93da3f0477 执行命令添加kv 2020-04-30 15:59:02 +08:00
姬巍川
05b9a7a709 Replace SecurityPolicy-Deny-HTTP-0017.bat 2020-04-30 15:58:04 +08:00
姬巍川
538ecee730 Replace SecurityPolicy-Deny-HTTP-0012.bat 2020-04-30 15:57:49 +08:00
姬巍川
eae74ee497 Replace SecurityPolicy-Deny-HTTP-0008.bat 2020-04-30 15:57:33 +08:00
姬巍川
b8ca62aef2 Replace SecurityPolicy-Intercept-HTTP-0003.bat 2020-04-30 15:57:07 +08:00
姬巍川
83b44b834b Replace SecurityPolicy-Intercept-HTTP-0002.bat 2020-04-30 15:56:28 +08:00
姬巍川
2c835ff0e4 Replace SecurityPolicy-Intercept-HTTP-0001.bat 2020-04-30 15:56:06 +08:00
dongxiaoyan
71d1e78541 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-29 20:10:10 +08:00
dongxiaoyan
ab22df18bd 添加查询公共函数 2020-04-29 20:04:46 +08:00
姬巍川
e34021c3dd 未进行功能验证 2020-04-29 19:52:23 +08:00
姬巍川
2c9b17a301 未进行功能验证 2020-04-29 19:52:07 +08:00
liuyuanfang
bd0395b1d3 Update LogSchema.robot 2020-04-29 19:52:01 +08:00
姬巍川
e26078d9ba 未进行功能验证 2020-04-29 19:51:50 +08:00
姬巍川
62f6ee719e 未进行功能验证 2020-04-29 19:51:35 +08:00
姬巍川
86fe38dc31 未进行功能验证 2020-04-29 19:51:18 +08:00
姬巍川
883679e948 未进行功能验证 2020-04-29 19:51:01 +08:00
姬巍川
beab4fe94f 未进行功能验证 2020-04-29 19:50:41 +08:00
姬巍川
4b9f66d5d9 未进行功能验证 2020-04-29 19:50:05 +08:00
lyf
1f7ca19b43 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest into develop 2020-04-29 19:39:57 +08:00
lyf
78e3622184 主动防御接口case 2020-04-29 19:39:52 +08:00
姬巍川
dc3de9515a 修改错误值 2020-04-29 15:23:57 +08:00
姬巍川
ac187eaa01 修改用例名称错误 2020-04-29 15:12:08 +08:00
dongxiaoyan
afd9082153 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-29 12:13:44 +08:00
姬巍川
cb30282816 去掉多余Create List 2020-04-29 10:30:33 +08:00
dongxiaoyan
6013e122f1 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-28 19:54:30 +08:00
dongxiaoyan
bb427c16c6 1、适应命令变化;cli命令返回没有换行符号,以提交bug,如果有修复再改回; 
2、删除tsg_show时间范围验证;
 2020-04-28 19:51:12 +08:00
姬巍川
49770b056c 替换ssl 2020-04-28 19:38:05 +08:00
姬巍川
a0336d4aef 替换http 2020-04-28 19:37:40 +08:00
dongxiaoyan
1ace02da3c 修改接口的地址前缀全部使用配置文件版本 2020-04-28 17:03:28 +08:00
姬巍川
c6338ff9d0 添加俄文验证 2020-04-28 13:52:22 +08:00
姬巍川
8d182ac150 修改17-20用例liunx访问地址 2020-04-28 13:44:47 +08:00
dongxiaoyan
7dea8cc295 1、中间件比率测试:只出数据不出结论;增加日志总量查询关键字; 
2、制造http支持alert数据;
3、删除策略中目标对象的默认引用
 2020-04-28 12:46:43 +08:00
dongxiaoyan
51eb81f6bf 修改大小写不一致导致的问题; 
添加interceptssl熟悉接口,待更接口更新后测试;
 2020-04-28 12:43:00 +08:00
姬巍川
1efafe17e1 修改网站引用错误 2020-04-28 10:20:33 +08:00
姬巍川
33f8c8c606 修改网站引用错误 2020-04-28 10:18:53 +08:00
姬巍川
3adb8ca243 http改为https 2020-04-28 10:14:35 +08:00
姬巍川
21d47dbbfe 修改完整匹配应答 2020-04-28 10:06:22 +08:00
姬巍川
9673081af5 Upload New File 2020-04-28 10:01:02 +08:00
姬巍川
16a1d44105 Upload New File 2020-04-28 10:00:37 +08:00
姬巍川
940c09071a Upload New File 2020-04-28 10:00:26 +08:00
姬巍川
c9c7c15213 Upload New File 2020-04-28 10:00:14 +08:00
姬巍川
9d093d42bc Upload New File 2020-04-28 10:00:03 +08:00
姬巍川
bded53e2e8 Upload New File 2020-04-28 09:59:50 +08:00
姬巍川
ba93905b8c Upload New File 2020-04-28 09:59:37 +08:00
姬巍川
eace7ac745 Upload New File 2020-04-28 09:59:23 +08:00
姬巍川
c4146b5262 重定向ssl 2020-04-28 09:58:55 +08:00
姬巍川
a92cc1d765 重定向http 2020-04-28 09:58:40 +08:00
姬巍川
d4108f5ec8 修改对对象删除 2020-04-27 15:14:43 +08:00
姬巍川
03c722b4a7 添加tfe验证,修改多对象删除 2020-04-27 15:13:27 +08:00
姬巍川
fb99a47069 Update Deny_Ssl_Tests.robot 2020-04-27 14:13:44 +08:00
姬巍川
6e784b136d Update Deny_Http_Tests.robot 2020-04-27 14:12:51 +08:00
姬巍川
7030aaf732 代理策略deny动作ssl 2020-04-27 13:36:27 +08:00
姬巍川
ca7d3e0a48 代理策略deny动作http 2020-04-27 13:35:57 +08:00
姬巍川
58d218afd8 Add new directory 2020-04-27 13:34:55 +08:00
姬巍川
2f7c313fc3 Upload New File 2020-04-27 13:32:31 +08:00
姬巍川
491ef128b8 Upload New File 2020-04-27 13:32:13 +08:00
姬巍川
72424ed78d Upload New File 2020-04-27 13:32:02 +08:00
姬巍川
8b60f45377 Upload New File 2020-04-27 13:31:34 +08:00
姬巍川
6adf43245b Upload New File 2020-04-27 13:31:19 +08:00
姬巍川
775582e390 Upload New File 2020-04-27 13:31:03 +08:00
姬巍川
5c3e7c9df1 Upload New File 2020-04-27 13:30:50 +08:00
unknown
24845f8dd5 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest into develop 2020-04-26 18:54:23 +08:00
unknown
9d70215314 0426 日志查询封装公共部分 2020-04-26 18:53:34 +08:00
姬巍川
99adc436c7 修改错误验证 2020-04-26 16:53:16 +08:00
姬巍川
a4317dba0c 修改验证 2020-04-26 16:48:46 +08:00
姬巍川
edf709ae45 monitor动作SSL协议 2020-04-25 21:25:07 +08:00
姬巍川
0abfc71e4c monitor动作mail协议 2020-04-25 21:24:49 +08:00
姬巍川
b4418f2f71 monitor动作http协议 2020-04-25 21:24:22 +08:00
姬巍川
f59b7bebc9 monitor动作ftp协议 2020-04-25 21:23:58 +08:00
姬巍川
f96aa0848f monitor动作dns协议 2020-04-25 21:23:21 +08:00
姬巍川
1724e247fa 修改标签大小写 2020-04-25 21:22:32 +08:00
姬巍川
d52a2db717 修改标签大小写 2020-04-25 21:22:13 +08:00
姬巍川
81e9ca606f 修改标签大小写 2020-04-25 21:21:48 +08:00
姬巍川
7eb73f2e7d 修改标签大小写 2020-04-25 21:21:20 +08:00
姬巍川
38f1822f18 修改标签大小写 2020-04-25 21:20:53 +08:00
姬巍川
d4ee1786a9 修改ftp下载问题 2020-04-25 21:20:16 +08:00
姬巍川
e2c3d09153 修改标签大小写 2020-04-25 21:19:46 +08:00
姬巍川
875ff87998 修改标签大小写 2020-04-25 21:19:23 +08:00
姬巍川
e2af5f5ec7 修改标签大小写 2020-04-25 21:18:00 +08:00
姬巍川
9b18bcb5e9 Update Deny_MAIL_Tests.robot 2020-04-24 19:18:49 +08:00
姬巍川
0061e495cc 修改mail验证 2020-04-24 19:17:11 +08:00
姬巍川
77bea1c7b7 修改mail验证 2020-04-24 19:16:47 +08:00
dongxiaoyan
ae2ecc414d 调整策略拼接适应主动策略部分,主动策略部分为添加功能端验证尝试中 2020-04-24 18:44:07 +08:00
姬巍川
bc2db50a84 修改DNS策略 2020-04-24 18:16:19 +08:00
姬巍川
be8cee5563 解决由于环境导致验证问题 2020-04-24 15:57:51 +08:00
姬巍川
56f3b0a292 Upload New File 2020-04-24 15:35:15 +08:00
姬巍川
f9622dd2e6 Upload New File 2020-04-24 15:34:59 +08:00
姬巍川
ccbaed5309 Upload New File 2020-04-24 15:34:43 +08:00
姬巍川
0b0e2217f1 删除错误用例 2020-04-24 15:17:01 +08:00
姬巍川
934bda6bfb 修改样式问题 2020-04-24 14:59:43 +08:00
姬巍川
17e8991dab 修改样式问题 2020-04-24 14:59:10 +08:00
姬巍川
dcf3b9d4d0 修改样式问题 2020-04-24 14:58:30 +08:00
姬巍川
cf132d22db 修改样式问题 2020-04-24 14:57:57 +08:00
dongxiaoyan
554f47d595 Denyssl:删除多次引用ip 
Interface:调整适应cli调整
PolicyObjectdefault调整适应subid和localip不同时默认
 2020-04-24 11:17:09 +08:00
姬巍川
fd0242319a deny中FTP协议,目前下载存在问题,正在解决 2020-04-24 10:42:33 +08:00
姬巍川
51f1347c14 deny中SSL协议,测试通过 2020-04-24 10:41:33 +08:00
姬巍川
35b1c2d3d0 deny中HTTP除set-cookie以外,其他测试已通过 2020-04-24 10:40:47 +08:00
姬巍川
c16c2a1200 deny中MAIL测试,除发件人和收件人存在bug,其他已测试通过 2020-04-24 10:39:45 +08:00
姬巍川
75cb1b5e28 deny中DNS测试已通过 2020-04-24 10:38:31 +08:00
lyf
7e38504505 提交objects模块case和添加修改的关键字 2020-04-22 17:41:25 +08:00
dongxiaoyan
0dda3bfc7f 调整,以适应useregion灵活传值,注意,useregion非空为json串:{"method":"rst"},空为userRegion= 2020-04-22 12:24:24 +08:00
姬巍川
c22164a3b3 Upload New File 2020-04-21 19:33:29 +08:00
姬巍川
942be5b560 Upload New File 2020-04-21 19:33:12 +08:00
姬巍川
3103aee9de windows和liunx均测试通过 2020-04-21 19:32:19 +08:00
姬巍川
a238045f49 Update Allow_Http_Tests.robot 2020-04-21 19:31:08 +08:00
姬巍川
9d95497aab Windows和liunx均测试通过 2020-04-21 19:30:08 +08:00
姬巍川
b40d41f6d3 Windows和liunx均测试通过 2020-04-21 19:29:13 +08:00
姬巍川
a30c760007 Update Intercept_Http_Tests.robot 2020-04-21 19:28:08 +08:00
姬巍川
069a517409 Windows和liunx均测试通过 2020-04-21 19:26:56 +08:00
dongxiaoyan
817576a347 修改参数 2020-04-21 19:07:05 +08:00
dongxiaoyan
a0d66edfd0 1、修改重定向不同操作系统使用文件; 
2、添加测试时默认添加测试机IP或subid;
 2020-04-21 13:30:41 +08:00
姬巍川
bbef5a5ebd Upload New File 2020-04-20 19:54:42 +08:00
姬巍川
eb5500bc1d Upload New File 2020-04-20 19:53:59 +08:00
姬巍川
5447d2df4c Upload New File 2020-04-20 19:53:48 +08:00
姬巍川
7591043134 Upload New File 2020-04-20 19:53:29 +08:00
姬巍川
c99dacee8c SSL类型,windos环境下已通过 2020-04-20 19:49:05 +08:00
姬巍川
af77cc2d29 HTTP类型,windos环境下已通过 2020-04-20 19:48:34 +08:00
姬巍川
b904f8f8f6 自建服务器防火墙策略 2020-04-20 19:47:13 +08:00
zhangwenqing
5c133af199 feat(API):增加策略验证关键字 2020-04-17 19:33:15 +08:00
dongxiaoyan
96cc5b7aaf 大小写问题修改 2020-04-17 18:19:40 +08:00
dongxiaoyan
ded5e019f2 自建环境用例 2020-04-17 16:13:37 +08:00
dongxiaoyan
7d1cfae8b4 纠正文件大小写以适应linux下的大小写区分 2020-04-17 10:12:15 +08:00
zhangwenqing
a32c839dc6 tsgcli对比文件内容更新 2020-04-16 19:10:42 +08:00
朱明明
756106a5c8 修改ftp返回值 2020-04-16 18:15:41 +08:00
朱明明
fcb17b92c5 修改mail断言 2020-04-16 18:13:06 +08:00
朱明明
662ccfc903 修改ftp断言 2020-04-16 18:09:55 +08:00
朱明明
42af6507f3 修改mail断言 2020-04-16 18:06:43 +08:00
朱明明
5e369dec54 修改ftp返回值断言 2020-04-16 18:04:05 +08:00
朱明明
06cbfd5eb2 修改mail返回值 2020-04-16 17:54:28 +08:00
朱明明
dd13d7bc0d 修改 ftp 返回 2020-04-16 17:50:47 +08:00
zhangwenqing
23c7bf117a 全流程用例添加策略对象时增加默认值 2020-04-16 14:27:54 +08:00
dongxiaoyan
1903bf814d 去除http协议的ssl,Region部分 2020-04-16 13:55:56 +08:00
dongxiaoyan
30b2882936 HTTP拦截策略去除SSL的userRegion部分 2020-04-16 13:55:01 +08:00
zhangwenqing
706a24506e feat(API):策略/对象新增默认值补充 2020-04-15 18:23:16 +08:00
shangguan
0786873809 添加策略不成功,删除策略中的keyring属性 2020-04-15 18:00:00 +08:00
zhangwenqing
5fca94551e fix(Cli):修正tsg_show命令对比条件 2020-04-15 16:10:00 +08:00
shangguan
67e2c3bc91 测试用例修改subID,添加ELSE判断和区分windows和linux的执行命令 2020-04-15 14:36:32 +08:00
朱明明
69ce7f1972 FTP_down 与FTP_login 关键字实例 2020-04-15 14:11:44 +08:00
dongxiaoyan
4348bac810 补充提交各case的bat文件 2020-04-15 10:17:56 +08:00
dongxiaoyan
97bf4de593 添加默认值,避免控制报错影响下面代码结果 2020-04-14 19:25:38 +08:00
dongxiaoyan
8aee95b648 使用封装的对象和策略关键字添加对象和策略; 2020-04-14 18:20:47 +08:00
朱明明
e61d81aad5 修改ftp下载 2020-04-14 17:29:28 +08:00
朱明明
07072d89a5 添加判断操作系统关键字和修改ftp登录 2020-04-14 17:21:23 +08:00
dongxiaoyan
b8148b1de4 使用自建服务器用例目录,下面根据策略类型创建api_proxy或api_security目录;用例都打上selfserver标签 2020-04-14 16:05:17 +08:00
zhangwenqing
44bd76e32b feat(Cli):1、策略状态更改测试用例补充策略类型,2、策略对象查询测试用例多次迭代,3、增加对各cli命令help参数返回值测试 2020-04-14 15:42:54 +08:00
姬巍川
4dc63558d0 Update SecurityPolicy_monitor_ssl002.bat 2020-04-14 14:35:33 +08:00
zhangwenqing
ab49f10b0e feat(MIB):增加TSG MIB测试用例 2020-04-13 19:29:32 +08:00
dongxiaoyan
3a50d9ad12 调整是否添加本地ip逻辑 2020-04-13 16:57:17 +08:00
dongxiaoyan
419e6bfd39 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-13 16:52:32 +08:00
dongxiaoyan
18ac38babf 调整是否添加本机IP的if逻辑,添加根据操作系统执行不同curl命令 2020-04-13 16:50:40 +08:00
shangguan
05a3b64e93 api-security测试用例修改和StmpHandle.robot关键字EmailLogin的修改 2020-04-13 16:15:54 +08:00
dongxiaoyan
ee08fd111e 部分调整 2020-04-10 19:26:07 +08:00
shangguan
5d3bd94996 dashboard页面 毕方和大数据 对比用例,需要安装DateTime库, 
命令为pip install DateTime
 2020-04-10 17:57:09 +08:00
dongxiaoyan
0ccf5b94cb 补充提交已有用例对用bat文件 2020-04-10 15:19:55 +08:00
dongxiaoyan
a9d94f4f7e 1、添加subid; 
2、deny动作调整;
3、redirect删除验证容易变化部分
 2020-04-09 19:38:26 +08:00
shangguan
240e95fa41 用例中的引用库和库名字大小写的修改 2020-04-09 17:43:22 +08:00
zhangwenqing
f4a04f3405 feat(API):新增关键字功能,用于添加对象时参数组装 2020-04-08 19:16:24 +08:00
朱明明
6a1aaa7443 Update AllowSSLTests.robot 2020-04-08 18:58:51 +08:00
dongxiaoyan
f4f24197c7 删除无用参数;添加标签;添加docker常用命令;注销自动获取测试机ip(获取的不是测试网络IP) 2020-04-08 17:13:17 +08:00
dongxiaoyan
89420a9aa3 删除无用文件 2020-04-07 18:20:57 +08:00
dongxiaoyan
4c4105d620 更改引用文件名大小写,适应linux测试环境 2020-04-07 17:55:55 +08:00
dongxiaoyan
da198355ee 删除无用文件 2020-04-07 17:55:03 +08:00
dongxiaoyan
da29e5c831 更改引用文件名大小写,适应linux测试环境 2020-04-07 17:53:25 +08:00
dongxiaoyan
8eb7c5e59d 111 2020-04-07 17:50:50 +08:00
dongxiaoyan
ce783d9f94 提交测试 2020-04-07 17:42:47 +08:00
dongxiaoyan
ff6b8e2650 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-07 17:13:53 +08:00
zhangwenqing
2b22a250f8 fix(Cli):修正普通用户执行特权指令时的断言条件 2020-04-07 16:57:57 +08:00
dongxiaoyan
bdae6f5ab9 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest.git into develop 2020-04-07 15:56:56 +08:00
dongxiaoyan
5f852b4c43 调整denyhttpcase 2020-04-07 15:13:53 +08:00
dongxiaoyan
785f94cb28 DenyHttpcase调整 2020-04-07 14:49:18 +08:00
zhangwenqing
809e9b8409 补充提交 2020-04-07 14:24:01 +08:00
zhangwenqing
d12a51d62f feat(API):新增关键字功能,用于添加策略对象时参数组装 2020-04-07 14:11:59 +08:00
zhangwenqing
52aabf8e9d fix(Common):修正"testClentIP"变量获取 2020-04-07 14:10:59 +08:00
dongxiaoyan
c2c9f609b8 补充提交 2020-04-07 12:51:52 +08:00
dongxiaoyan
a8db6e3b74 补充提交 2020-04-07 12:49:51 +08:00
dongxiaoyan
55b181a010 调整用例:用例验证、用例脚本、适应linux测试环境的命令,redirect已linux环境测试通过,deny第一个用例测试通过 2020-04-07 12:16:11 +08:00
dongxiaoyan
ed30cbe9e4 补充测试中本机IP分支 2020-04-03 13:53:54 +08:00
dongxiaoyan
b18de1728e smtp3 4合并保留一个解决冲突 2020-04-03 13:15:28 +08:00
dongxiaoyan
870b8ef314 删除无用目录,更改对自定义库引用的错误名称 2020-04-03 11:40:24 +08:00
dongxiaoyan
ee34b6d46f 删除无用目录,更改对自定义库引用的错误名称 2020-04-03 11:37:49 +08:00
dongxiaoyan
eeacfcb6ef 更改类库名称 2020-04-03 11:17:05 +08:00
dongxiaoyan
3f6fbfedd2 获取本机ip存在问题先使用设置;用例核查日志用错策略id调整,策略验证内容不存在,调整为一定存在内容 2020-04-03 11:15:45 +08:00
dongxiaoyan
71f7287b64 删除结果作为整个json串判断,更改分步骤支持的策略删除 2020-04-02 19:50:46 +08:00
dongxiaoyan
e1e04798ad 适应接口调整代理部分:IP、app强制,遗留replace的验证问题 2020-04-02 19:30:43 +08:00
zhangwenqing
c8eeb189d6 补充扩展包导入方式描述文件 2020-04-02 15:50:13 +08:00
zhangwenqing
99b9a27e95 feat(Common):"testClentIP"变量动态获取 2020-04-02 15:46:15 +08:00
zhangwenqing
103a7bdede feat(Cli):增加TsgCli测试用例 2020-04-02 14:19:25 +08:00
zhangwenqing
4c8eed51dd feat(API):增加TsgAPI接口测试用例 
Keyring策略文件、
可信证书颁发机构策略文件、
内容劫持策略文件、
访问阻断页面策略文件、
注入脚本策略文件、
流量转发目的地址配置和中间证书
 2020-04-02 14:17:05 +08:00
朱明明
52e044e8e8 已修改引入文件和内容 2020-04-01 21:06:00 +08:00
朱明明
970000c2e9 已修改引入文件和内容 2020-04-01 21:03:23 +08:00
朱明明
444d972880 已修改引入文件和内容 2020-04-01 20:59:10 +08:00
朱明明
c2dddf3bc5 已修改引入文件和内容 2020-04-01 19:39:00 +08:00
朱明明
d2d3839af7 已修改引入文件和内容 2020-04-01 19:27:01 +08:00
朱明明
0db42eed5a 已修改 引入文件和内容 2020-04-01 18:47:22 +08:00
朱明明
b26e3bb5b0 已修改引入文件和内容 2020-04-01 18:27:03 +08:00
朱明明
32cd7bb9e0 已修改引入文件和内容 2020-04-01 18:14:31 +08:00
朱明明
cbbc811c1c 已修改引入文件和内容 2020-04-01 18:14:15 +08:00
朱明明
ccb7589091 已修改引入文件和内容 2020-04-01 18:13:54 +08:00
朱明明
7c80427659 已修改引入文件和内容 2020-04-01 18:13:38 +08:00
朱明明
69b743541b 已修改引入文件和内容 2020-04-01 18:13:26 +08:00
朱明明
be729e1b76 已修改引入文件和内容 2020-04-01 18:13:14 +08:00
朱明明
2d421b966d 已修改引入文件和内容 2020-04-01 18:12:53 +08:00
朱明明
1cbb928083 已修改 引入文件和内容 2020-04-01 18:11:57 +08:00
朱明明
23b3ef1031 已修改 引入文件和内容 2020-04-01 18:09:59 +08:00
朱明明
9f47db2b93 已修改ip 与 协议 2020-04-01 18:09:05 +08:00
朱明明
88c0711565 已修改 ip 与协议编号 2020-04-01 18:07:22 +08:00
朱明明
af39b595d4 已修改 ip 与 协议编号 2020-04-01 18:06:47 +08:00
朱明明
916cb8491e 已修改 ip 与 协议编号 2020-04-01 18:06:02 +08:00
朱明明
db2675c826 已修改 ip 与 协议编号 2020-04-01 18:05:14 +08:00
朱明明
76eb356ed7 已修改 ip与协议编号 2020-04-01 18:04:30 +08:00
朱明明
136b9a70a0 Upload New File 2020-04-01 16:48:21 +08:00
朱明明
b4fd5dac1c Upload New File 2020-04-01 16:48:12 +08:00
朱明明
5a7c86b706 Upload New File 2020-04-01 16:48:05 +08:00
朱明明
86c74a306e Upload New File 2020-04-01 16:47:57 +08:00
朱明明
4e8cb056b6 Upload New File 2020-04-01 16:47:49 +08:00
朱明明
9801aa69c1 Upload New File 2020-04-01 16:47:41 +08:00
朱明明
9a82f4613f Upload New File 2020-04-01 16:47:32 +08:00
朱明明
dd3d3d5cda Upload New File 2020-04-01 16:47:21 +08:00
朱明明
bc3f1bb3c5 Upload New File 2020-04-01 16:47:12 +08:00
dongxiaoyan
d64540ca3f “删除误添加目录 2020-04-01 16:45:08 +08:00
dongxiaoyan
480d76aad4 Merge branch 'develop' of https://git.mesalab.cn/dongxiaoyan/tsg_autotest into develop 2020-04-01 16:36:25 +08:00
dongxiaoyan
7120606705 “demo 2020-04-01 16:34:13 +08:00
朱明明
39d3455be1 Upload New File 2020-04-01 15:52:54 +08:00
朱明明
0401d04862 Upload New File 2020-04-01 15:52:39 +08:00
朱明明
8a8270845f Add new directory 2020-04-01 14:43:53 +08:00
朱明明
b1cc1f9d93 Upload New File 2020-04-01 14:38:31 +08:00
朱明明
7105147d6a Upload New File 2020-04-01 14:37:52 +08:00
朱明明
46082cd017 Upload New File 2020-04-01 14:21:06 +08:00
朱明明
0cddeaa1e2 Upload New File 2020-04-01 14:20:47 +08:00
朱明明
4027378b97 Upload New File 2020-04-01 14:20:22 +08:00
朱明明
d4e2800f91 Upload New File 2020-04-01 13:29:46 +08:00
朱明明
102bb465bb Upload New File 2020-04-01 13:29:32 +08:00
董晓燕
2da0b9522c Add new directory 2020-04-01 12:51:02 +08:00
董晓燕
57d2f77b9f Add new directory 2020-04-01 12:50:21 +08:00
222 changed files with 27565 additions and 26902 deletions
Expand all files Collapse all files

190
01-TestCase/tsg-ui/ui-objects/Object-HTTPSignature-Case.robot Normal file
View File

@@ -0,0 +1,190 @@
*** Settings ***
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
Library OperatingSystem
*** Test Cases ***
create-HTTPSignature-Request-User-Agent-prefix-001
#新建user-agent
CreatePage ReqRes create-HTTPSignature-Request-User-Agent-prefix-001 reqrestype=req reqresheader=ua keywordtext=Mozilla/5.0*
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-User-Agent-prefix-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-User-Agent-sub-002
#新建user-agent
CreatePage ReqRes create-HTTPSignature-Request-User-Agent-sub-002 reqrestype=req reqresheader=ua keywordtext=Mozilla/5.
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-User-Agent-sub-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-User-Agent-exactly-003
#新建user-agent
CreatePage ReqRes create-HTTPSignature-Request-User-Agent-exactly-003 reqrestype=req reqresheader=ua keywordtext=$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-User-Agent-exactly-003
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-User-Agent-suffix-004
#新建user-agent
CreatePage ReqRes create-HTTPSignature-Request-User-Agent-suffix-004 reqrestype=req reqresheader=ua keywordtext=*Safari/537.36
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-User-Agent-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-Cookie-prefix-005
#新建cookie
CreatePage ReqRes create-HTTPSignature-Request-Cookie-prefix-005 reqrestype=req reqresheader=ck keywordtext=cookie*
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-Cookie-prefix-005
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-Cookie-sub-006
#新建cookie
CreatePage ReqRes create-HTTPSignature-Request-Cookie-sub-006 reqrestype=req reqresheader=ck keywordtext=cookie
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-Cookie-sub-006
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-Cookie-exactly-007
#新建cookie
CreatePage ReqRes create-HTTPSignature-Request-Cookie-exactly-007 reqrestype=req reqresheader=ck keywordtext=$cookie
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-Cookie-exactly-007
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Request-Cookie-suffix-008
#新建cookie
CreatePage ReqRes create-HTTPSignature-Request-Cookie-suffix-008 reqrestype=req reqresheader=ck keywordtext=*cookie
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-Cookie-suffix-008
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Set-Cookie-prefix-009
#新建set-cookie
CreatePage ReqRes create-HTTPSignature-Response-Set-Cookie-prefix-009 reqrestype=res reqresheader=sck keywordtext=set-cookie*
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Set-Cookie-prefix-009
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Set-Cookie-sub-010
#新建set-cookie
CreatePage ReqRes create-HTTPSignature-Response-Set-Cookie-sub-010 reqrestype=res reqresheader=sck keywordtext=set-cookie
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Set-Cookie-sub-010
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Set-Cookie-exactly-011
#新建set-cookie
CreatePage ReqRes create-HTTPSignature-Response-Set-Cookie-exactly-011 reqrestype=res reqresheader=sck keywordtext=$set-cookie
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Set-Cookie-exactly-011
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Set-Cookie-suffix-012
#新建set-cookie
CreatePage ReqRes create-HTTPSignature-Response-Set-Cookie-suffix-012 reqrestype=res reqresheader=sck keywordtext=*set-cookie
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Set-Cookie-suffix-012
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Content-Type-prefix-0013
#新建content-type
CreatePage ReqRes create-HTTPSignature-Response-Content-Type-prefix-0013 reqrestype=res reqresheader=ct keywordtext=Content-Type*
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Content-Type-prefix-0013
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Content-Type-sub-0014
#新建content-type
CreatePage ReqRes create-HTTPSignature-Response-Content-Type-sub-0014 reqrestype=res reqresheader=ct keywordtext=Content-Type
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Content-Type-sub-0014
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Content-Type-exactly-0015
#新建content-type
CreatePage ReqRes create-HTTPSignature-Response-Content-Type-exactly-0015 reqrestype=res reqresheader=ct keywordtext=$Content-Type
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Content-Type-exactly-0015
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-HTTPSignature-Response-Content-Type-suffix-0016
#新建content-type
CreatePage ReqRes create-HTTPSignature-Response-Content-Type-suffix-0016 reqrestype=res reqresheader=ct keywordtext=*Content-Type
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Response-Content-Type-suffix-0016
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-HTTPSignature-017
#新建user-agent
CreatePage ReqRes create-HTTPSignature-Request-User-Agent-prefix-001 reqrestype=req reqresheader=ua keywordtext=Mozilla/5.0*
#验证新建是否成功
ui-object-search-name create-HTTPSignature-Request-User-Agent-prefix-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-HTTPSignature edit-HTTPSignature-017 res sck 8f6c 6362 31 36 8fdb 5236 hex=open
#查询修改对象
ui-object-search-name edit-HTTPSignature-017
#删除对象
objects-delete
create-HTTPSignature-open-16-hex-0018
#新建content-type
CreatePage ReqRes create-HTTPSignature-open-16-hex-0018 reqrestype=res reqresheader=ct keywordtext=*63 6f 6e 74 65 6e 74 hex=open
#验证新建是否成功
ui-object-search-name create-HTTPSignature-open-16-hex-0018
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete

41
01-TestCase/tsg-ui/ui-objects/Object-category-case.robot Normal file
View File

@@ -0,0 +1,41 @@
*** Settings ***
Force Tags tsg-ui objects category
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-category-exactly-001
#新建Category
CreatePage Category create-category-exactly-001 keywordtext=$www.baidu.com
#验证新建是否成功
ui-object-search-name create-category-exactly-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-category-suffix-002
#新建Category
CreatePage Category create-category-suffix-002 keywordtext=*baidu.com
#验证新建是否成功
ui-object-search-name create-category-suffix-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-category-003
#新建Category
CreatePage Category create-category-suffix-002 keywordtext=*baidu.com
#验证新建是否成功
ui-object-search-name create-category-suffix-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-fqdn deit-category-003 $open.node.com
#查询修改对象
ui-object-search-name deit-category-003
#删除对象
objects-delete

31
01-TestCase/tsg-ui/ui-objects/object-Subscriber-ID-case.robot Normal file
View File

@@ -0,0 +1,31 @@
*** Settings ***
Force Tags tsg-ui object sub-id
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-Subscriber-ID-001
#新建sub-id
CreatePage Sub create-sub-id-001 keywordtext=$test37
#验证新建是否成功
ui-object-search-name create-sub-id-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-Subscriber-ID-002
#新建sub-id
CreatePage Sub create-sub-id-001 keywordtext=$test37
#验证新建是否成功
ui-object-search-name create-sub-id-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-Subscriber-ID deit-sub-id-002 $test20
#查询修改对象
ui-object-search-name deit-sub-id-002
#删除对象
objects-delete

61
01-TestCase/tsg-ui/ui-objects/object-account-case.robot Normal file
View File

@@ -0,0 +1,61 @@
*** Settings ***
Force Tags tsg-ui objects account
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-account-prefix-001
#新建Account
CreatePage Account create-account-prefix-001 keywordtext=www.*
#验证新建是否成功
ui-object-search-name create-account-prefix-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-account-sub-002
#新建Account
CreatePage Account create-account-sub-002 keywordtext=1234
#验证新建是否成功
ui-object-search-name create-account-sub-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-account-exactly-003
#新建Account
CreatePage Account create-account-exactly-003 keywordtext=$1234567
#验证新建是否成功
ui-object-search-name create-account-exactly-003
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-account-suffix-004
#新建Account
CreatePage Account create-account-suffix-004 keywordtext=*1234567
#验证新建是否成功
ui-object-search-name create-account-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-account-005
#新建Account
CreatePage Account create-account-suffix-004 keywordtext=*1234567
#验证新建是否成功
ui-object-search-name create-account-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-account deit-account-005 $www.baidu.com
#查询修改对象
ui-object-search-name deit-account-005
#删除对象
objects-delete

41
01-TestCase/tsg-ui/ui-objects/object-fqdn-case.robot Normal file
View File

@@ -0,0 +1,41 @@
*** Settings ***
Force Tags tsg-ui objects fqdn
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-fqdn-exactly-001
#新建fqdn,exactly
CreatePage Fqdn create-fqdn-exactly-001 keywordtext=$open.node.com
#验证新建是否成功
ui-object-search-name create-fqdn-exactly-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-fqdn-suffix-002
#新建fqdn,exactly
CreatePage Fqdn create-fqdn-suffix-002 keywordtext=*open.node.com
#验证新建是否成功
ui-object-search-name create-fqdn-suffix-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
deit-fqdn-003
#新建fqdn,exactly
CreatePage Fqdn create-fqdn-suffix-002 keywordtext=*open.node.com
#验证新建是否成功
ui-object-search-name create-fqdn-suffix-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-fqdn deit-fqdn-003 $open.node.com
#查询修改对象
ui-object-search-name deit-fqdn-003
#删除对象
objects-delete

81
01-TestCase/tsg-ui/ui-objects/object-ip-case.robot Normal file
View File

@@ -0,0 +1,81 @@
*** Settings ***
Force Tags tsg-ui objects ip
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-ipv4-range-001
#新建iprange
CreatePage Ip create-ipv4-range-001 ipads=ipv4 ipclient=range ipclienttext1=192.168.1.1 ipclienttext2=192.168.1.1
#验证新建是否成功
ui-object-search-name create-ipv4-range-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-ipv4-cidr-002
#新建iprange
CreatePage Ip create-ipv4-cidr-001 ipads=ipv4 ipclient=cidr ipclienttext1=192.168.1.1 ipclienttext2=24
#验证新建是否成功
ui-object-search-name create-ipv4-cidr-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-ipv4-masks-003
#新建iprange
CreatePage Ip create-ipv4-masks-001 ipads=ipv4 ipclient=masks ipclienttext1=192.168.1.1 ipclienttext2=255.255.255.0
#验证新建是否成功
ui-object-search-name create-ipv4-masks-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-ipv6-range-004
#新建iprange
CreatePage Ip create-ipv6-range-004 ipads=ipv6 ipclient=range ipclienttext1=0:0:0:0:0:0:0:0 ipclienttext2=FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
#验证新建是否成功
ui-object-search-name create-ipv6-range-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-ipv6-cidr-005
#新建iprange
CreatePage Ip create-ipv6-cidr-005 ipads=ipv6 ipclient=cidr ipclienttext1=0:0:0:0:0:0:0:0 ipclienttext2=64
#验证新建是否成功
ui-object-search-name create-ipv6-cidr-005
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-ipv6-masks-006
#新建iprange
CreatePage Ip create-ipv6-masks-006 ipads=ipv6 ipclient=masks ipclienttext1=0:0:0:0:0:0:0:0 ipclienttext2=0:0:0:0:0:0:0:0
#验证新建是否成功
ui-object-search-name create-ipv6-masks-006
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-ip-007
#新建iprange
CreatePage Ip create-ipv6-masks-006 ipads=ipv6 ipclient=masks ipclienttext1=0:0:0:0:0:0:0:0 ipclienttext2=0:0:0:0:0:0:0:0
#验证新建是否成功
ui-object-search-name create-ipv6-masks-006
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-ip edit-ip-007 ipv4 range 192.168.100.1 192.168.100.1
#查询修改对象
ui-object-search-name edit-ip-007
#删除对象
objects-delete

71
01-TestCase/tsg-ui/ui-objects/object-keywords-case.robot Normal file
View File

@@ -0,0 +1,71 @@
*** Settings ***
Force Tags tsg-ui objects keywords
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-keywords-prefix-001
#新建keywords
CreatePage Key create-keywords-prefix-001 keywordtext=www.*
#验证新建是否成功
ui-object-search-name create-keywords-prefix-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-keywords-sub-002
#新建keywords
CreatePage Key create-keywords-sub-002 keywordtext=1234
#验证新建是否成功
ui-object-search-name create-keywords-sub-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-keywords-exactly-003
#新建keywords
CreatePage Key create-keywords-exactly-003 keywordtext=$123456
#验证新建是否成功
ui-object-search-name create-keywords-exactly-003
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-keywords-suffix-004
#新建keywords
CreatePage Key create-keywords-suffix-004 keywordtext=*123456
#验证新建是否成功
ui-object-search-name create-keywords-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-keywords-005
#新建keywords
CreatePage Key create-keywords-suffix-004 keywordtext=*123456
#验证新建是否成功
ui-object-search-name create-keywords-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-keywords edit-keywords-005 $www.baidu.com
#查询修改对象
ui-object-search-name edit-keywords-005
#删除对象
objects-delete
create-keywords-open-16hex-006
#新建keywords
CreatePage Key create-keywords-open-16hex-006 keywordtext=*123456 hex=open
#验证新建是否成功
ui-object-search-name create-keywords-open-16hex-006
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete

61
01-TestCase/tsg-ui/ui-objects/object-url-case.robot Normal file
View File

@@ -0,0 +1,61 @@
*** Settings ***
Force Tags tsg-ui objects url
Resource ../../../03-Variable/bifangapivariable.txt
Resource ../../../02-Keyword/Tsg_Ui/Objects/ObjectPages.robot
Library OperatingSystem
Resource ../../../02-Keyword/Tsg_Ui/Objects/Objects.robot
*** Test Cases ***
create-url-prefix-001
#新建URL
CreatePage Url create-url-prefix-001 keywordtext=www.*
#验证新建是否成功
ui-object-search-name create-url-prefix-001
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-url-sub-002
#新建sub-id
CreatePage Url create-url-sub-002 keywordtext=jianshu
#验证新建是否成功
ui-object-search-name create-url-sub-002
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-url-exactly-003
#新建sub-id
CreatePage Url create-url-exactly-003 keywordtext=$www.vip.com
#验证新建是否成功
ui-object-search-name create-url-exactly-003
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
create-url-suffix-004
#新建sub-id
CreatePage Url create-url-suffix-004 keywordtext=*.com
#验证新建是否成功
ui-object-search-name create-url-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#删除对象
objects-delete
edit-url-005
#新建sub-id
CreatePage Url create-url-suffix-004 keywordtext=*.com
#验证新建是否成功
ui-object-search-name create-url-suffix-004
${text} get text xpath=//*[@id="ly-table1-listcontent"]/div/div[3]/table/tbody/tr[1]/td[1]/div/div/span/span[2]/span
log ${text}
#修改对象
object-edit-url deit-url-005 $www.baidu.com
#查询修改对象
ui-object-search-name deit-url-005
#删除对象
objects-delete

0
01-TestCase/tsg_adc/api_proxy/.gitkeep Normal file
View File

345
01-TestCase/tsg_adc/api_proxy/AllowHttpTests.robot Normal file
View File

@@ -0,0 +1,345 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Allow-Http-00001
[Tags] Allow IP FQDN DENY HTTP pxy_manipulation
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建 Deny 管控搭配Allow
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
log ${addPolicyStr}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1} ${policyIds2}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.icbc.com.cn
should contain ${commandreturn} 000
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host icbc
ProxyPolicy-allow-http-00002
[Tags] allow http IP+cat+url+请求UA+应答CT
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.sinovision.net" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[ {"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001", "policyType":"tsg_security", "action":"intercept","userTags":"", "doBlacklist":0, "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add", "returnData":1, "policyList":[ {"policyId":"","isValid":1, "policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security", "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable {"opAction":"add","returnData":1,"policyList":[ {"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001", "policyType":"tsg_security", "action":"intercept","userTags":"", "doBlacklist":0, "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
#${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
#${objectids} set Variable ${object_FQDN_Id},${object_url_Id},${object_UA_Id},${object_CT_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建Redirect策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": "302",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId4},${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00002.bat
... ELSE curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center
${stringlist} Create List 美国中文网
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net
ProxyPolicy-allow-http-00003
[Tags] allow http IP+cat+url+请求CK+应答SK
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建ck对象
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
#创建SK对象
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
#创建allow策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建hijack策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00003.bat
... ELSE set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
${stringlist} Create List 支付系统
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com
ProxyPolicy-allow-http-00005
[Tags] allow http fqdn+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ]"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ]"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建replace策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-replace-http-00005","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"龙支付","replace_with":"1584529953926"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00005.bat
... ELSE set variable curl -kv http://www.ccb.com/cn/home/indexv3.html
${stringlist} Create List 电子银行开通
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.ccb.com
roxyPolicy-allow-http-00008
[Tags] allow IP+FQDN+UA+SK+URL http
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.sinovision.net" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建sk对象
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建Redirect策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Http-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.vip.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_ssl00008.bat
... ELSE set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/
${stringlist} Create List 美国中文网
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net
ProxyPolicy-Allow-Http-00009
[Tags] Allow IP FQDN IP+URL DENY HTTP pxy_manipulation
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*open.node.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["open.node.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
Comment 创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
Comment 创建 Deny 管控搭配Allow
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Deny-Http-00001","policyType":"pxy_manipulation","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"block","message":"404","code":404,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
log ${addPolicyStr}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1} ${policyIds2}
Comment 创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Allow-Http-00001","policyType":"pxy_manipulation","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"allow","protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
${starttime} Get Time
Comment 功能端验证
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://open.node.com
should contain ${commandreturn} 200
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

371
01-TestCase/tsg_adc/api_proxy/AllowSSLTests.robot Normal file
View File

@@ -0,0 +1,371 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-allow-ssl-00001
[Tags] allow ssl IP+FQDN+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jianshu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "mobile" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建deny策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat
... ELSE set variable curl -kv https://www.jianshu.com/mobile/club
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host jianshu.com
ProxyPolicy-allow-ssl-00004
[Tags] allow ssl IP+url验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*douyin.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "platform" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建insert策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-insert-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "insert","insert_profile": 23, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00004.bat
... ELSE set variable curl -kv https://open.douyin.com/platform
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host douyin.com
ProxyPolicy-allow-ssl-00006
[Tags] allow ssl 请求UA+url验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.zealer.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "register" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建monitor策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-monitor-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "monitor", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-monitor-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "monitor", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00006.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zealer.com/account/register
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zealer.com
ProxyPolicy-allow-ssl-00007
[Tags] allow ssl 应答CT+url验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*yhd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "passport" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00007.bat
... ELSE set variable curl -kv https://passport.yhd.com/passport/login_input.do
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host yhd.com
ProxyPolicy-allow-ssl-00009
[Tags] allow ssl Sub_id+Category+CK+CT+URL
# #创建SUB
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
# log ${object_SUB_Id}
# #删除对象
# ${objectids} set Variable ${object_SUB_Id}
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*weibo.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "weibo" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建ck对象
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SINAGLOBAL"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建deny策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat
... ELSE set variable curl -kv https://www.jianshu.com/mobile/club
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host jianshu.com
ProxyPolicy-allow-ssl-00010
[Tags] allow ssl IP+FQDN英文
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*youtube.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建allow策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow", \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
#创建deny策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_ssl00010.bat
... ELSE set variable curl -kv https://youtube.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host youtube.com
ProxyPolicy-allow-ssl-00011
[Tags] allow ssl IP+url俄文
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建allow策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-allow-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"allow", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "allow",\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 创建deny策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-ssl-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block","message":"12345","code":403, \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId4} AddPolicy ${addPolicyStr}
log ${policyId4}
${policyId5} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3},${policyId4}]}
Comment 删除所有策略
${policyIds} Create List ${policyId1} ${policyId5}
Comment 功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_allow_ssl00011.bat
... ELSE set variable curl -kv https://zakon.kz/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host zakon.kz

266
01-TestCase/tsg_adc/api_proxy/DenyHttpTests.robot Normal file
View File

@@ -0,0 +1,266 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-deny-http-00002
[Tags] deny IP+cat+url+请求UA+应答CT
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-http-00002-SecurityPolicy-Intercept-Http", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-http-00002-SecurityPolicy-Intercept-Http", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-http-00002-SecurityPolicy-Intercept-Http", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "test", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat
#${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html
${stringlist} Create List X-TG-Construct-By: tfe The requested resource could not be found but may be available again in the future test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ccb.com
ProxyPolicy-deny-http-00003
[Tags] deny IP+cat+url+请求CK+应答SK验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建ck对象
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
#创建SK对象
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "Русскийязык", "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat
... ELSE set variable curl -kv --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
#This request may not be serviced due to the regulations of your residency (TFE-2867:Русскийязык).
#${stringlist} Create List Русскийязык
${stringlist} Create List X-TG-Construct-By: tfe Error 451 This request may not be serviced due to the regulations of your residency (TFE Русскийязык).
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com
ProxyPolicy-deny-http-00006
[Tags] deny fqdn+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat
... ELSE set variable curl -kv http://www.xiaozhu.com/#ongo/
#${stringlist} Create List 404
${stringlist} Create List X-TG-Construct-By: tfe 对不起,您请求的页面不存在、或已被删除、或暂时不可用 404-对不起!您访问的页面不存在
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.xiaozhu.com
ProxyPolicy-deny-http-00009
[Tags] deny 请求body+url selfserver
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建body对象
${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "body" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId} , "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=body&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk
${commandstr} run keyword if '${systemType}'=='Windows' set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=body&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=body&setCookie=set-cookie&resBody=Response Body" http://open.node.com/action
${stringlist} Create List - 404, простите!  страница, к которой вы пришли, не существует Извините, запрошенная страница не существует или была удалена или временно недоступна
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-deny-http-00013
[Tags] deny 请求body中文+url selfserver
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建body对象
${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "明天你好" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404NotFind", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404NotFind", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "404NotFind", "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=明天你好&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk
${commandstr} run keyword if '${systemType}'=='Windows' set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=明天你好&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action | iconv -f utf-8 -t gbk
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=明天你好&setCookie=set-cookie&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} Create List Error 404 The requested resource could not be found but may be available again in the future (TFE 404NotFind).
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

409
01-TestCase/tsg_adc/api_proxy/DenySSLTests.robot Normal file
View File

@@ -0,0 +1,409 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy Proxy_Deny_SSL
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-deny-ssl-00001
[Tags] deny IP+FQDN+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*lianjia.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ershoufang" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "message": "123456", "code":403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat
... ELSE set variable curl -kv https://bj.lianjia.com/ershoufang/
${stringlist} Create List 403 Forbidden Tango Secure Gateway CA Access Denied <small>Error 403 The requested resource requires an authentication (TFE 123456).
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host lianjia.com
ProxyPolicy-deny-ssl-00004
[Tags] deny IP+FQDN+应答body
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ke.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "zufang" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建body对象
${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "北京贝壳网" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_RES_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_deny_ssl00004.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_deny_ssl00004.bat
... ELSE set variable curl -kv https://bj.zu.ke.com/zufang
${stringlist} Create List Tango Secure Gateway CA TLSv1.2 (IN), TLS alert, close notify (256)
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host bj.zu.ke.com
ProxyPolicy-deny-ssl-00005
[Tags] deny ip+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat
... ELSE set variable curl -kv https://www.toutiao.com/ch/news_hot/
${stringlist} Create List Tango Secure Gateway CA - 404, простите!  страница, к которой вы пришли, не существует Извините, запрошенная страница не существует или была удалена или временно недоступна
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.toutiao.com
ProxyPolicy-deny-ssl-00007
[Tags] deny 请求UA+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 451,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.gamersky.com/news/
${stringlist} Create List Tango Secure Gateway CA 451 Unavailable For Legal Reasons X-TG-Construct-By: tfe 404 sorry! The page you visited does not exist
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.gamersky.com
ProxyPolicy-deny-ssl-00008
[Tags] deny 应答CT+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*nationalbank.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "nationalbank" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 403,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat
... ELSE set variable curl -kv https://nationalbank.kz/
${stringlist} Create List Tango Secure Gateway CA 403 Forbidden X-TG-Construct-By: tfe 404 sorry! The page you visited does not exist
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host nationalbank.kz
ProxyPolicy-deny-ssl-00010
[Tags] deny SUB+fqdn
#创建SUB
#${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#log ${object_SUB_Id}
#删除对象
#${objectids} set Variable ${object_SUB_Id}
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*weibo.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"ProxyPolicy-deny-Https-00010","policyType":"pxy_manipulation","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"ProxyPolicy-deny-Https-00010","policyType":"pxy_manipulation", "action":"deny","userTags":"","doBlacklist":0,"doLog":1, "userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}] }
... ELSE set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"ProxyPolicy-deny-Https-00010","policyType":"pxy_manipulation","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"userRegion":{ "method": "block", "html_profile": ${profiledId}, "code": 404,"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证证书问题
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.twitch.tv/directory
${stringlist} Create List Tango Secure Gateway CA 404 X-TG-Construct-By: tfe The page you visited does not exist
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host weibo.com
ProxyPolicy-deny-ssl-00011
[Tags] deny ip+fqdn(英文)
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*facebook.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00011.bat
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00011.bat
... ELSE set variable curl -kv https://www.facebook.com/
${stringlist} Create List Tango Secure Gateway CA - 404, простите!  страница, к которой вы пришли, не существует Извините, запрошенная страница не существует или была удалена или временно недоступна
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host facebook.com
ProxyPolicy-deny-ssl-00012
[Tags] deny fqdn+url(俄文)
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*rutube.ru" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "rutube" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} set Variable ${object_FQDN_Id},${object_url_Id}
#新增DenyResponsfile
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404russian.html resPages
${profiledId} Get From Dictionary ${response} profileId
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-deny-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"deny", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "block", "html_profile":${profiledId}, "code": 404,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00012
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-deny-ssl-00012.bat
... ELSE set variable curl -kv https://rutube.ru/
#curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=рускйсекс&setCookie=set-cookie&contentType=text/html;charset=utf-8&resBody=Response Body" https://open.node.com/action
${stringlist} Create List Tango Secure Gateway CA - 404 запрошенная страница не существует или была удалена или временно недоступна
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host rutube.ru

204
01-TestCase/tsg_adc/api_proxy/HijackHttpTests.robot Normal file
View File

@@ -0,0 +1,204 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-hijack-http-00002
[Tags] hijack http IP+cat+url+请求UA+应答CT
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.sinovision.net" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ss", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "sinovision" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":163, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":163, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00002.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center
${stringlist} Create List qwerrrrrrrrr
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net
ProxyPolicy-hijack-http-00003
[Tags] hijack http IP+cat+url+请求CK+应答SK
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建ck对象
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
#创建SK对象
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":165, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00003.bat
... ELSE set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
${stringlist} Create List 1950
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com
ProxyPolicy-hijack-http-00005
[Tags] hijack http fqdn+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 167, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-http-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 167, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_http00005.bat
... ELSE set variable curl -kv http://www.ccb.com/cn/home/indexv3.html
${stringlist} Create List 4.png
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.ccb.com
ProxyPolicy-Hijack-Http-00006
[Tags] Hijack Fqdn_Url_UA_SC
#png
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-Http-00001.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center
${stringlist} Create List zmmpng
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net

608
01-TestCase/tsg_adc/api_proxy/HijackSSLTests.robot Normal file
View File

@@ -0,0 +1,608 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-hijack-ssl-00001
[Tags] hijack ssl IP+FQDN+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jianshu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_js", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "mobile" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00001.bat
... ELSE set variable curl -kv https://www.jianshu.com/mobile/club
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host jianshu.com
ProxyPolicy-hijack-ssl-00004
[Tags] hijack ssl IP+url验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*douyin.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "platform" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 159, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 159, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00004.bat
... ELSE set variable curl -kv https://open.douyin.com/platform
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host douyin.com
ProxyPolicy-hijack-ssl-00006
[Tags] hijack ssl 请求UA+url验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.zealer.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "register" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00006.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zealer.com/account/register
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zealer.com
ProxyPolicy-hijack-ssl-00007
[Tags] hijack ssl 应答CT+url验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*yhd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_yhd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_ydh", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "passport" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":171,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile":171,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00007.bat
... ELSE set variable curl -kv https://passport.yhd.com/passport/login_input.do
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host yhd.com
ProxyPolicy-hijack-ssl-00008
[Tags] hijack ssl fqdn+url验证英文
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$twitter.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_dy", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "twitter.com/login" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 161, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00008.bat
... ELSE set variable curl -kv https://twitter.com/login
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host twitter.com
ProxyPolicy-hijack-ssl-00009
[Tags] hijack ssl 请求UA+url验证俄文
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*tengrinews.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "tengrinews.kz/zakon/" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-hijack-ssl-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "hijack", "hijack_profile": 169, \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_hijack_ssl00009.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://tengrinews.kz/zakon/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host tengrinews.kz
ProxyPolicy-Hijack-SSL-00010
[Tags] Hijack SSL
#apk
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sogou.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00001.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://wap.sogou.com/
${stringlist} Create List qwerrrrrrrrr
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com
ProxyPolicy-Hijack-SSL-00011
[Tags] Hijack
#html
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Subid_Id}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou.co"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SUV="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"appObj"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00002.bat
... ELSE set variable curl -kv --cookie "SUV=001417487B769DD85B65253149725433; SMYUV=1533629990235795; SUID=B30E65757C20940A000000005B6AF061; pgv_pvi=8797682688; ssuid=8017562563; tv_play_records=tvshow_2279123:20190405; LSTMV=312%2C176; LCLKINT=1391;" --referer 'http://www.baidu.com/' https://wap.sogou.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com
ProxyPolicy-Hijack-SSL-00012
[Tags] Hijack SSL
#apk
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*acebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["aceboo"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00003.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.facebook.com/
${stringlist} Create List qwerrrrrrrrr
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com
ProxyPolicy-Hijack-SSL-00013
[Tags] Hijack
#html
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Subid_Id}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*facebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["datr="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00004.bat
... ELSE set variable curl -kv --cookie "fr=1yqofX6H5I9WihUHa..BegZGb.Ys.AAA.0.0.BegZGb.AWVMft0q; sb=m5GBXgM_o5OnaHBUE8Rrh3tM; datr=m5GBXjkoNsYzxI4ZBI3bAOYw; wd=2058x468" --referer 'http://www.baidu.com/' https://www.facebook.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com
ProxyPolicy-Hijack-SSL-00014
[Tags] Hijack SSL
#apk
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*akon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
#${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_SC_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00005.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zakon.kz/
${stringlist} Create List qwerrrrrrrrr
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz
ProxyPolicy-Hijack-SSL-00015
[Tags] Hijack
#html
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Subid_Id}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.zakon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["www.zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} set Variable ${object_Cat_Id},${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["__auc="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} set Variable ${object_Cat_Id},${object_URL_id},${object_CK_id} ,${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-Hijack-SSL-00006.bat
... ELSE set variable curl -kv --cookie "__auc=872f19501711ae0020cae00e8d8; _ym_d=1585293823; _ym_uid=15852938231061175569; _ga=GA1.2.1046919061.1585293826; __gads=ID=1b694b3cc49e99df:T=1585293826:S=ALNI_MZIjruz8AFwPRVc6EuwOUp6UG2wyg; _zero_cc=z5e7daa056eb62; tmr_lvid=212dae53346bc4dd7232880a9834c5ac; tmr_lvidTS=1585293841169; GN_USER_ID_KEY=b8fa7cfc-aa09-4bf0-9312-e83d0a3e5448; tmr_reqNum=4; rel_val=600000; __asc=ea27801f1712a24de07f712cb52; _zero_ss=5e8192a7c0fff.1585549991.1585549991.1; _gid=GA1.2.1300673287.1585549992; _gat_gtag_UA_19108819_1=1" --referer 'http://www.baidu.com/' https://www.zakon.kz/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz

121
01-TestCase/tsg_adc/api_proxy/InsertHttpTests.robot Normal file
View File

@@ -0,0 +1,121 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_event
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
Library Custometest
*** Test Cases ***
ProxyPolicy-insert-Http-js-00001
[Tags] insert
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3562,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":181,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":8510,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":8511,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8507,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":8508,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-png-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-Http-00001.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?mod=center
${stringlist} Create List RQ_SCRIPT
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net
ProxyPolicy-insert-Http-css-00002
[Tags] insert
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.sinovision.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_Cat_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ls_sinovision","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sinovision"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sin_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["oKD0_802a"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
#${objectids} set Variable ${object_Subid_Id},${object_Cat_Id},${object_URL_id},${object_CK_id},${object_SC_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-San_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":183,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-Http-exe-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-Http-00002.bat
... ELSE set variable curl -kv --cookie "oKD0_802a_saltkey=GssJU4vd; oKD0_802a_lastvisit=1583299284; oKD0_802a_pvi=656927416; _ga=GA1.2.2008992591.1583302924; __qca=P0-416369031-1583302925459; oKD0_802a_chinacountry=1; oKD0_802a_si=s75975888; zh_choose=n; __gads=ID=9674dfcbea12038e:T=1585059647:S=ALNI_MYPPZN5Z_UthuylbEOqR-zno5YoHg; oKD0_802a_application_clientip=111.201.144.161; oKD0_802a_sid=va7jUV; oKD0_802a_lastact=1585234917%09portal.php%09index" --referer 'http://www.baidu.com/' http://www.sinovision.net/portal.php?
${stringlist} Create List RQ_SCRIPT
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.sinovision.net

346
01-TestCase/tsg_adc/api_proxy/InsertSSLTest.robot Normal file
View File

@@ -0,0 +1,346 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_event
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
Library Custometest
*** Test Cases ***
ProxyPolicy-insert-SSL-js-00001
[Tags] insert SSL
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_sogou.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00001.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://wap.sogou.com/
${stringlist} Create List RQ_SCRIPT
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com
ProxyPolicy-insert-SSL-css-00002
[Tags] insert
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Subid_Id}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["sogou.co"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["SUV="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":293,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":293,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00002.bat
... ELSE set variable curl -kv --cookie "SUV=001417487B769DD85B65253149725433; SMYUV=1533629990235795; SUID=B30E65757C20940A000000005B6AF061;" --referer 'http://www.baidu.com/' https://wap.sogou.com/
${stringlist} Create List Tango Secure Gateway CA
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host wap.sogou.com
ProxyPolicy-insert-SSL-js-00003
[Tags] insert
#apk
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*acebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["aceboo"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00003.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.facebook.com/
${stringlist} Create List RQ_SCRIPT
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com
ProxyPolicy-insert-SSL-css-00004
[Tags] insert
#html
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Subid_Id}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*facebook.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["datr="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00004.bat
... ELSE set variable curl -kv --cookie "fr=1yqofX6H5I9WihUHa..BegZGb.Ys.AAA.0.0.BegZGb.AWVMft0q; sb=m5GBXgM_o5OnaHBUE8Rrh3tM; datr=m5GBXjkoNsYzxI4ZBI3bAOYw; wd=2058x468" --referer 'http://www.baidu.com/' https://www.facebook.com/
${stringlist} Create List RQ_SCRIPT
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.facebook.com
ProxyPolicy-insert-SSL-js-00005
[Tags] insert
#apk
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_facebook","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*akon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象 URL
${rescodeip} ${object_URL_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建对象 UA
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建对象 SC
#${rescodeip} ${object_SC_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_weibo_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["facebook"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_SC_Id}
#${objectids} set Variable ${object_FQDN_Id},${object_URL_Id},${object_UA_Id},${object_SC_Id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3331,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-apk-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":185,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":3563,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":8512,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":3577,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00005.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.zakon.kz/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz
ProxyPolicy-insert-SSL-css-00006
[Tags] insert
#html
#创建对象SubID
#${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Subid_Id}
#${objectids} set Variable ${object_Subid_Id}
#创建对象 Category
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*www.zakon.kz"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_Cat_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_lj_www.zakon","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["zakon"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ld_weibo_ck","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["auc="],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
#${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建 拦截策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_Sub+Cat","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":3329,"protocolFields":[]},{"objectId":3563,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-weibo_IP+FQDN","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建管控策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":5887,"protocolFields":[]},{"objectId":3579,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":3565,"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":3575,"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":6639,"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"hijack","hijack_profile":187,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Hijack-SSL-html-00002","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"insert","insert_profile":229,"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
${policyIds2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2}]}
${policyIds} Create List ${policyIds1} ${policyIds2}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_IP_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy-insert-SSL-00006.bat
... ELSE set variable curl -kv --cookie "__auc=872f19501711ae0020cae00e8d8; _ym_d=1585293823; _ym_uid=15852938231061175569; _ga=GA1.2.1046919061.1585293826; __gads=ID=1b694b3cc49e99df:T=1585293826:S=ALNI_MZIjruz8AFwPRVc6EuwOUp6UG2wyg; _zero_cc=z5e7daa056eb62; tmr_lvid=212dae53346bc4dd7232880a9834c5ac; tmr_lvidTS=1585293841169; GN_USER_ID_KEY=b8fa7cfc-aa09-4bf0-9312-e83d0a3e5448; tmr_reqNum=4; rel_val=600000; __asc=ea27801f1712a24de07f712cb52; _zero_ss=5e8192a7c0fff.1585549991.1585549991.1; _gid=GA1.2.1300673287.1585549992; _gat_gtag_UA_19108819_1=1" --referer 'http://www.baidu.com/' https://www.zakon.kz/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId2}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.zakon.kz

166
01-TestCase/tsg_adc/api_proxy/RedirectHttpTests.robot Normal file
View File

@@ -0,0 +1,166 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy #Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/PolicyObjectDefault.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Redirect-http-00002
[Tags] Redirect IP+cat+url+请求UA+应答CT
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#新界面提交内容 {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":8718,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8720,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2]}}
#修改前备份${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP","protocol_version":{"allow_http2":0, "min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0, "protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through", "approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}]}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","isValid":1,"policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"scheduleId":[],"appObjectIdArray":[2]}]}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_cb", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ccb.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.jd.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat
#${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00002.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ccb.com/cn/home/indexv3.html
#${stringlist} Create List 业务申请
${stringlist} Create List Host: www.ccb.com 302 Found Location: https://www.jd.com/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ccb.com
ProxyPolicy-Redirect-http-00003
[Tags] Redirect IP+cat+url+请求CK+应答SK验证
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-http-00003-SecurityPolicy", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-http-00003-SecurityPolicy", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "xiao" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建ck对象
${rescodeip} ${object_CK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["collina"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
#创建SK对象
${rescodeip} ${object_SK_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_SK","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_CK_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SK_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat
#${commandstr} set variable curl -kv --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00003.bat
... ELSE set variable curl -kv --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
#${stringlist} Create List 手机小猪
${stringlist} Create List Host: www.xiaozhu.com Referer: http://www.baidu.com/ 301 Moved Permanently Location: https://open.douyin.com/platform
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com
ProxyPolicy-Redirect-http-00006
[Tags] Redirect fqdn+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP"}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.toutiao.com/ch/news_hot/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat
#${commandstr} set variable curl -kv http://www.xiaozhu.com/#ongo/
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_http00006.bat
... ELSE set variable curl -kv http://www.xiaozhu.com/#ongo/
#@{stringlist} set variable 短信快捷登录 html
${stringlist} Create List Host: www.xiaozhu.com 302 Found Location: https://www.toutiao.com/ch/news_hot/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.xiaozhu.com

437
01-TestCase/tsg_adc/api_proxy/RedirectSSLTests.robot Normal file
View File

@@ -0,0 +1,437 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Redirect-ssl-00001
[Tags] Redirect IP+FQDN+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*lianjia.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Https-00001","policyType":"tsg_security","action":"intercept","userTags":"${Default_UserTags}","doBlacklist":0,"doLog":1,"policyDesc":"${Default_PolicyDesc} ","effectiveRange":{"tag_sets":[[{"tag":"Location","value":["Almaty"],"ids":[2]},{"tag":"ISP","value":["transtel","tnsplus"],"ids":[5,6]}],[{"tag":"Location","value":["Nursurtan"],"ids":[3]},{"tag":"ISP","value":["ktel-mask","ktel-bng","ktel-mxpe"],"ids":[7,8,9]}]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":8718,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8716,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8719,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":8742,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[7],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_lj", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ershoufang" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.bytedance.com/zh", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat
#${commandstr} set variable curl -kv https://bj.lianjia.com/ershoufang/
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00001.bat
... ELSE set variable curl -kv https://bj.lianjia.com/ershoufang/
${stringlist} Create List Tango Secure Gateway CA Host: bj.lianjia.com 302 Found Location: https://www.bytedance.com/zh
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host lianjia.com
ProxyPolicy-Redirect-ssl-00004
[Tags] Redirect IP+FQDN+请求body selfserver
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建body对象
${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "123456" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ {"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},\ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://live.gushidaoshi.com/rank", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00004.bat
#${commandstr} set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00004.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action
${stringlist} Create List Tango Secure Gateway CA Host: open.node.com 301 Moved Permanently Location: http://live.gushidaoshi.com/rank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-ssl-00005
[Tags] Redirect ip+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.toutiao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat
#${commandstr} set variable curl -kv https://www.toutiao.com/ch/news_hot/
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00005.bat
... ELSE set variable curl -kv https://www.toutiao.com/ch/news_hot/
${stringlist} Create List Tango Secure Gateway CA Host: www.toutiao.com 302 Found Location: http://video.cnfol.com/wptzj/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.toutiao.com
ProxyPolicy-Redirect-ssl-00007
[Tags] Redirect 请求UA+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_gk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "gamersky.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "http://video.cnfol.com/wptzj/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat
#${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.gamersky.com/news/
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00007.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.gamersky.com/news/
${stringlist} Create List Tango Secure Gateway CA Host: www.gamersky.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 301 Moved Permanently Location: http://video.cnfol.com/wptzj/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host www.gamersky.com
ProxyPolicy-Redirect-ssl-00008
[Tags] Redirect 应答CT+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*nationalbank.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_nk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "nationalbank" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat
#${commandstr} set variable curl -kv https://nationalbank.kz/
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00008.bat
... ELSE set variable curl -kv https://nationalbank.kz/
${stringlist} Create List Tango Secure Gateway CA Host: nationalbank.kz 302 Found Location: https://open.douyin.com/platform/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host nationalbank.kz
ProxyPolicy-Redirect-ssl-00009
[Tags] Redirect 请求body+url selfserver
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建body对象
${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "123456" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00009.bat
#${commandstr} set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00009.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=123456&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action
${stringlist} Create List Tango Secure Gateway CA Host: open.node.com 301 Moved Permanently Location: https://open.douyin.com/platform/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-ssl-00010
[Tags] Redirect IP+cat+url+请求UA+应答CT英文
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*twitch.tv" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "directory" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建UA对象
${rescodeip} ${object_UA_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
#创建CT对象
${rescodeip} ${object_CT_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://vk.com/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CT_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]},{"objectId":${object_UA_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat
#${commandstr} set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.twitch.tv/directory
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00010.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://www.twitch.tv/directory
${stringlist} Create List Tango Secure Gateway CA Host: www.twitch.tv User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 302 Found Location: https://vk.com/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host twitch.tv
ProxyPolicy-Redirect-ssl-00011
[Tags] Redirect IP+FQDN+url俄文
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zakon.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_tt", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.zakon.kz/top_news/" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.nur.kz/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://www.nur.kz/", "code": 301,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00011.bat
#${commandstr} set variable curl -kv https://www.zakon.kz/top_news/
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00011.bat
... ELSE set variable curl -kv https://www.zakon.kz/top_news/
${stringlist} Create List Tango Secure Gateway CA Host: www.zakon.kz 301 Moved Permanently Location: https://www.nur.kz/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host zakon.kz
ProxyPolicy-Redirect-ssl-00012
[Tags] Redirect selfserver 请求body俄文+url
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*open.node.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建安全策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "action" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建body对象
${rescodeip} ${object_body_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"keywords", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_body_bk", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "рускйсекс" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "12312" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_body_Id}
#创建管控策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"ProxyPolicy-Redirect-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"pxy_manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "action":"manipulation", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ "method": "redirect", "to": "https://open.douyin.com/platform/", "code": 302,\ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_body_Id},"protocolFields":["TSG_FIELD_HTTP_REQ_CONTENT"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
#${commandstr} set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00012.bat
#${commandstr} set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=рускйсекс&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Redirect_ssl00012.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=рускйсекс&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action
${stringlist} Create List Tango Secure Gateway CA Host: open.node.com 302 Found Location: https://open.douyin.com/platform/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

164
01-TestCase/tsg_adc/api_proxy/ReplaceHttpTests.robot Normal file
View File

@@ -0,0 +1,164 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Proxy_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${PolicyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Replace-http-00001
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*zhu.com","subObjectIds":[],"addItemList":[{"keywordArray":["*zhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
#创建安全策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_xiaozhu.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["xiaozhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"fangzi","replace_with":"mao"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"fangzi","replace_with":"mao"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00001.bat
... ELSE set variable curl -kv http://sz.xiaozhu.com/fangzi/6257935516.html
${stringlist} Create List mao
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu.com
ProxyPolicy-Replace-http-00002
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00002_fqdn","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ya.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
#创建安全策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00002","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00002","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_ly.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["ya.cn"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"天涯","replace_with":"海角"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_body","find":"天涯","replace_with":"海角"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00002.bat
... ELSE set variable curl -kv http://www.tianya.cn/
${stringlist} Create List 海角
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host tianya.cn
ProxyPolicy-Replace-http-00003
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*cn.com","subObjectIds":[],"addItemList":[{"keywordArray":["*cn.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
#创建安全策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_miercn.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["miercn.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_header","find":"a","replace_with":"b"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_header","find":"a","replace_with":"b"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00003.bat
... ELSE set variable curl -kv http://military.miercn.com/
${stringlist} Create List b
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host miercn.com
ProxyPolicy-Replace-http-00004
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_proxypolicy_replace_00001_fqdn","objectDesc":"*room.com","subObjectIds":[],"addItemList":[{"keywordArray":["*room.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
#创建安全策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Intercept-Http-00001","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除安全策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建管控对象url
${rescodeip} ${object_url_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"yyq_url_ziroom.com","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["ziroom.com/life"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建管控策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_header","find":"UTF-8","replace_with":"utf-8"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"ProxyPolicy-Replace-Http-00001","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_resp_header","find":"UTF-8","replace_with":"utf-8"}],"protocol":"HTTP"},"isValid":1,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_url_Id},"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}
${rescode} ${policyId3} AddPolicy ${addPolicyStr}
log ${policyId3}
${policyId2} set variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
#删除所有策略
${policyIds} Create List ${policyId1} ${policyId2}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/ProxyPolicy_Replace_http00004.bat
... ELSE set variable curl -kv http://www.ziroom.com/life/index
${stringlist} Create List utf-8
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ziroom.com

30
01-TestCase/tsg_adc/api_security/AllowHttpTests.robot
View File

@@ -19,15 +19,17 @@ SecurityPolicy-Allow-Http-00001
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建 Deny 搭配Allow
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
log ${addPolicyStr}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
log ${policyId1}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建allow策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
@@ -47,25 +49,25 @@ SecurityPolicy-Allow-Http-00001
SecurityPolicy-Allow-Http-00002
[Tags] Allow SubID Category DENY HTTP
#创建对象Subid
${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Subid_Id}
${objectids} set Variable ${object_Subid_Id}
# #创建对象Subid
# ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Subid_Id}
# ${objectids} set Variable ${object_Subid_Id}
#创建对象Categry
${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","objectSubType":"","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"SecurityPolicy-Allow-Http-00002-Categry","objectDesc":"autotest","subObjectIds":[],"addItemList":[{"keywordArray":["*www.ccb.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Category_Id}
${objectids} set Variable ${object_Subid_Id},${object_Category_Id}
${objectids} set Variable ${object_Category_Id}
#创建 Deny 搭配Allow
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002_deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
log ${addPolicyStr}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
log ${policyId1}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00002","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
@@ -92,15 +94,17 @@ SecurityPolicy-Allow-Http-00003
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建 Deny 搭配Allow
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003_Deny","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
log ${addPolicyStr}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
log ${policyId1}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建allow策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00001","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Allow-Http-00003","policyType":"tsg_security","action":"allow","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP"},"referenceObject":[],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds2} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}

44
01-TestCase/tsg_adc/api_security/AllowSSLTests.robot
View File

@@ -1,7 +1,7 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
@@ -13,23 +13,25 @@ ${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Allow-SSL-00001
[Tags] Allow IP FQDN DENY HTTP
#创建对象IP
#创建对象 IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象FQDN
#创建对象 FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_FQDN_icbc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ww.sogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建 Deny 搭配Allow
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
log ${addPolicyStr}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
log ${policyId1}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}} \
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}} \
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
@@ -45,28 +47,30 @@ SecurityPolicy-Allow-SSL-00001
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni icbc
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.sogou.com
SecurityPolicy-Allow-SSL-00002
[Tags] Allow SubID Category DENY HTTP
#创建对象Subid
${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Subid_Id}
${objectids} set Variable ${object_Subid_Id}
# #创建对象Subid
# ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Subid_Id}
# ${objectids} set Variable ${object_Subid_Id}
#创建对象Categry
${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_category","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*arch.jd.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_category","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*jd.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Category_Id}
${objectids} set Variable ${object_Subid_Id},${object_Category_Id}
${objectids} set Variable ${object_Category_Id}
#创建 Deny 搭配Allow
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00001_deny","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Category_Id} ,"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
log ${addPolicyStr}
${rescode} ${policyId1} AddPolicy ${addPolicyStr}
log ${policyId1}
${policyIds} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyName":"SecurityPolicy-Allow-SSL-00002","policyType":"tsg_security","action":"allow","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
log ${policyId2}
${policyIds1} set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]}
@@ -78,10 +82,10 @@ SecurityPolicy-Allow-SSL-00002
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ http://www.ccb.com
${commandreturn} OperatingSystem.Run curl -I \ -m \ 10 \ -o \ /dev/null \ -s \ -w \ \ \%{http_code} \ \ https://www.jd.com/
should contain ${commandreturn} 200
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni icbc
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.jd.com

37
01-TestCase/tsg_adc/api_security/DenyDNSTests.robot
View File

@@ -5,7 +5,6 @@ Library OperatingSystem #Test Setup Login #Test Teardown L
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Library Custometest
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
*** Test Cases ***
@@ -14,13 +13,14 @@ SecurityPolicy-Deny-DNS-00001
#创建对象 IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象 FQDN
#创建对象 FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Deny_fqdn_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$www.ziroom.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"drop"},"referenceObject":[{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -31,28 +31,29 @@ SecurityPolicy-Deny-DNS-00001
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${commandstr} set variable nslookup -d www.ziroom.com
${stringlista} set variable 超时
${stringlista} set variable 超时
${stringlist} Create List ${stringlista}
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname ziroom
SecurityPolicy-Deny-DNS-00002
[Tags] Deny Sub_Category
#创建对象 Sub
${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Sub_Id}
${objectids} set Variable ${object_Sub_Id}
# #创建对象 Sub
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Sub_Id}
# ${objectids} set Variable ${object_Sub_Id}
#创建对象 Cat
${rescodeip} ${object_Cat_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Cat_smsp","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$smspunch.net"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Cat_Id}
${objectids} set Variable ${object_Sub_Id},${object_Cat_Id}
${objectids} set Variable ${object_Cat_Id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}]},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}]},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -63,12 +64,12 @@ SecurityPolicy-Deny-DNS-00002
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${commandstr} set variable nslookup -d www.smspunch.net
@{stringlist} set variable www.ly.com
${rescode} SystemCommands ${commandstr} @{stringlist}
#@{stringlist} set variable www.ly.com
${stringlista} set variable 超时
${stringlist} Create List ${stringlista}
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname smspunch

92
01-TestCase/tsg_adc/api_security/DenyFtpTests.robot
View File

@@ -1,7 +1,7 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
@@ -10,17 +10,18 @@ Library Custometest
*** Test Cases ***
SecurityPolicy-Deny-FTP-00001
[Tags] Deny Sub_Account
#创建对象 Sub
${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Sub_Id}
${objectids} set Variable ${object_Sub_Id}
#创建对象 Account
# #创建对象 Sub
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Sub_Id}
# ${objectids} set Variable ${object_Sub_Id}
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Sub_Id},${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -31,7 +32,7 @@ SecurityPolicy-Deny-FTP-00001
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 登录
should contain ${FTP} Deny Success
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -50,10 +51,11 @@ SecurityPolicy-Deny-FTP-00002
#创建对象 Content
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"ZMM_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Content_id}
${objectids} set Variable ${object_URI_Id},${object_Content_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -65,7 +67,7 @@ SecurityPolicy-Deny-FTP-00002
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 下载
should contain ${FTP} Deny Success
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -79,8 +81,9 @@ SecurityPolicy-Deny-FTP-00003
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -91,11 +94,64 @@ SecurityPolicy-Deny-FTP-00003
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 登录
should contain ${FTP} Deny Success
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
SecurityPolicy-Deny-FTP-00004
[Tags] Deny Sub_Account
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP_login ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" Graphical (Xorg) program starter for ADRIANE
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
SecurityPolicy-Deny-FTP-00005
[Tags] Deny Sub_Account
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-FTP-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#${rescode} ${policyId} AddPolicy {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-DNS-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"AAAA","answer":[{"atype":"AAAA","value":"e061:82db:c37e:e8c5:c8ab:eab8:5a76:04a9","ttl":{"min":300,"max":300}},{"atype":"CNAME","value":"www.ly.com","ttl":{"min":300,"max":300}}]}],"keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_Cat_Id},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP_down ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt -u"anonymous:chrome@example.com" 435814 zmmtext123.txt
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt

54
01-TestCase/tsg_adc/api_security/DenyHttpTests.robot
View File

@@ -1,11 +1,10 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Library Custometest
*** Test Cases ***
SecurityPolicy-Deny-HTTP-00001
@@ -13,25 +12,26 @@ SecurityPolicy-Deny-HTTP-00001
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象Category
#创建对象 Category
${rescodeip} ${object_Category_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_cat_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*oom.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Category_Id}
${objectids} set Variable ${object_Category_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_url-ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["www.ziroom.com/li*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
${objectids} set Variable ${object_Category_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象UA
${rescode_deny} ${object_UA_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ua_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_UA_id}
${objectids} set Variable ${object_Category_Id},${object_URL_id},${object_UA_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_id}
#创建对象CT
${rescode_deny} ${object_CT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ct_ziroom","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CT_id}
${objectids} set Variable ${object_Category_Id},${object_URL_id},${object_UA_id},${object_CT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"drop"},"referenceObject":[{"objectId":${object_Category_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_UA_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_CT_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -40,41 +40,45 @@ SecurityPolicy-Deny-HTTP-00001
#log ${rescode}
#log ${policyId}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
#Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${commandreturn} OperatingSystem.Run curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk
should not contain ${commandreturn} 营业执照
Sleep ${policyLogVerificationSleepSeconds}s
# ${commandreturn} run keyword if '${systemType}'=='Windows' OperatingSystem.Run curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk
# ... ELSE OperatingSystem.Run curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ziroom.com/life/index
# should not contain ${commandreturn} 营业执照
#Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ziroom
#GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host ziroom
GetLogList security_event_log 2020-04-15 19:22:01 2020-04-15 19:23:22 ${testClentIP} 4906 http_host open.node.com
#{"value":["2020-04-15 18:50:57","2020-04-15 19:00:53"],"symbol":"between","field":"common_recv_time","type":"timestamp"}]
SecurityPolicy-Deny-HTTP-00002
[Tags] Deny Fqdn_Url_CK_SC
#创建对象SubID
${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Subid_Id}
${objectids} set Variable ${object_Subid_Id}
# #创建对象SubID
# ${rescode} ${object_Subid_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Subid_Id}
# ${objectids} set Variable ${object_Subid_Id}
#创建对象FQDN
${rescodeip} ${object_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_xiaozhu_fqdn","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*zhu.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_FQDN_Id}
${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id}
${objectids} set Variable ${object_FQDN_Id}
#创建对象URL
${rescode_deny} ${object_URL_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_xiaozhu_url","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ozhu.com/"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_URL_id}
${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_id}
#创建对象CK
${rescode_deny} ${object_CK_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_xiaozhu_cookie","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192"],"isHexbin":0,"district":"Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CK_id}
${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_id}
#创建对象SC
${rescode_deny} ${object_SC_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_sc","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SC_id}
${objectids} set Variable ${object_Subid_Id},${object_FQDN_Id},${object_URL_id},${object_CK_id},${object_SC_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SC_id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"rst","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"rst","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"rst","keyring":1},"referenceObject":[{"objectId":${object_Subid_Id},"protocolFields":[]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"rst"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Http-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"HTTP","method":"rst"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_FQDN_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":${object_URL_id},"protocolFields":["TSG_FIELD_HTTP_URL"]},{"objectId":${object_CK_id},"protocolFields":["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_SC_id},"protocolFields":["TSG_FIELD_HTTP_RES_HDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -84,11 +88,11 @@ SecurityPolicy-Deny-HTTP-00002
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${commandreturn} OperatingSystem.Run curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk
${commandreturn} run keyword if '${systemType}'=='Windows' OperatingSystem.Run curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk
... ELSE OperatingSystem.Run curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
should contain ${commandreturn} 403
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host xiaozhu

87
01-TestCase/tsg_adc/api_security/DenyMailTests.robot
View File

@@ -1,18 +1,16 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem #Test Setup Login #Test Teardown Logout
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
Library custometest
Resource ../../02-Keyword/tsg-ui/StmpHandle2.robot
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
Library Custometest
*** Test Cases ***
SecurityPolicy-Deny-Mail-00001
[Tags] Deny URI_Content
#创建对象 Sub
#创建对象 Sub
#${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_Sub_Id}
#${objectids} set Variable ${object_Sub_Id}
@@ -21,8 +19,9 @@ SecurityPolicy-Deny-Mail-00001
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"rst","code":""},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"rst","code":""},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"rst","code":""},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"rst","code":""},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"rst","code":""},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -34,7 +33,7 @@ SecurityPolicy-Deny-Mail-00001
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${mail} EmailLogin smtp.163.com 25 z1343921421z@163.com QKCEUFAJJRZLJKQE
should contain ${mail} fail
should contain ${mail} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -46,33 +45,34 @@ SecurityPolicy-Deny-Mail-00002
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象 Subject
${rescodeip} ${object_Subject_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_subject","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明subject"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Subject_Id}
${objectids} set Variable ${object_Subject_Id}
# #创建对象 Subject
# ${rescodeip} ${object_Subject_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_subject","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明subject"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
# log ${object_Subject_Id}
# ${objectids} set Variable ${object_Subject_Id}
#创建对象 Content
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明content"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Content_id}
${objectids} set Variable ${object_Subject_Id},${object_Content_id}
${objectids} set Variable ${object_Content_id}
#创建对象 Att_name
${rescode_deny} ${object_Att_name_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_ATT_Name","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明测试文件"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Att_name_id}
${objectids} set Variable ${object_Subject_Id},${object_Content_id},${object_Att_name_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Att_name_id}
#创建对象 att_content
${rescode_deny} ${object_att_content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明测试文件内容"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_att_content_id}
${objectids} set Variable ${object_Subject_Id},${object_Content_id},${object_Att_name_id},${object_att_content_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_att_content_id}
#创建对象 From
${rescode_deny} ${object_From_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_from","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1343921421z@163.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_From_id}
${objectids} set Variable ${object_Subject_Id},${object_Content_id},${object_Att_name_id},${object_att_content_id},${object_From_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_From_id}
#创建对象 to
${rescode_deny} ${object_to_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_to","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1789327568z@163.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_to_id}
${objectids} set Variable ${object_Subject_Id},${object_Content_id},${object_Att_name_id},${object_att_content_id},${object_From_id},${object_to_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_to_id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -92,7 +92,7 @@ SecurityPolicy-Deny-Mail-00002
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -100,17 +100,17 @@ SecurityPolicy-Deny-Mail-00002
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com
SecurityPolicy-Deny-Mail-00003
[Tags] Deny Subject
[Tags] Deny Subject AloneObject
#创建对象IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#创建对象 Subject
${rescodeip} ${object_Subject_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_subject","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明subject"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Subject_Id}
${objectids} set Variable ${object_Subject_Id}
# #创建对象 Subject
# ${rescodeip} ${object_Subject_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_subject","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["朱明明subject"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
# log ${object_Subject_Id}
# ${objectids} set Variable ${object_Subject_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00003","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00003","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -130,7 +130,7 @@ SecurityPolicy-Deny-Mail-00003
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -148,7 +148,8 @@ SecurityPolicy-Deny-Mail-00004
${objectids} set Variable ${object_Content_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00004","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00004","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00004","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -168,7 +169,7 @@ SecurityPolicy-Deny-Mail-00004
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -186,7 +187,8 @@ SecurityPolicy-Deny-Mail-00005
${objectids} set Variable ${object_Att_name_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00005","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00005","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00005","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -206,7 +208,7 @@ SecurityPolicy-Deny-Mail-00005
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -224,7 +226,8 @@ SecurityPolicy-Deny-Mail-00006
${objectids} set Variable ${object_att_content_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00006","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00006","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00006","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -244,7 +247,7 @@ SecurityPolicy-Deny-Mail-00006
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -262,7 +265,8 @@ SecurityPolicy-Deny-Mail-00007
${objectids} set Variable ${object_From_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00007","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00007","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00007","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -282,7 +286,7 @@ SecurityPolicy-Deny-Mail-00007
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
@@ -300,7 +304,8 @@ SecurityPolicy-Deny-Mail-00008
${objectids} set Variable ${object_to_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_Att_name_id},"protocolFields":["TSG_FIELD_MAIL_ATT_NAME"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]},{"objectId":${object_Subject_Id},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]},{"objectId":4059,"protocolFields":[]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00008","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00008","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-Mail-00008","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL","method":"drop","code":550},"referenceObject":[{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -320,7 +325,7 @@ SecurityPolicy-Deny-Mail-00008
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} fail
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证

42
01-TestCase/tsg_adc/api_security/DenySSLTests.robot
View File

@@ -1,18 +1,14 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem #Test Setup Login #Test Teardown Logout
Resource ../../02-Keyword/tsg-adc/systemcommand.txt
Resource ../../02-Keyword/tsg-bf-api/policyobject.txt
Resource ../../02-Keyword/tsg-bf-api/logvariable.txt
Resource ../../02-Keyword/tsg-bf-api/logschema.txt #Resource log-3.robot
Library custometest
Resource ../../02-Keyword/tsg-ui/StmpHandle2.robot
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
*** Test Cases ***
SecurityPolicy-Deny-SSL-00001
[Tags] Deny SSL SNI_SAN_CN_Category
#创建对象 IP
#创建对象 IP
#${rescode} ${object_IP_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_IP","objectDesc":"","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"clientIp1":"192.168.50.31","clientIp2":"192.168.50.31","clientIpFormat":"range","clientPortFormat":"","clientPort1":"","clientPort2":"","serverIpFormat":"","serverIp1":"","serverIp2":"","serverPortFormat":"","serverPort1":"","serverPort2":""}],"updateItemList":[],"deleteItemIds":[]}}
#log ${object_IP_Id}
#${objectids} set Variable ${object_Subid_Id}
@@ -23,14 +19,15 @@ SecurityPolicy-Deny-SSL-00001
#创建对象 SAN_CAT
${rescode_deny} ${object_SAN_CAT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SAN_CAT_id}
${objectids} set Variable ${object_SNI_CAT_Id},${object_SAN_CAT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SAN_CAT_id}
#创建对象 CN_CAT
${rescode_deny} ${object_CN_CAT_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_jd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CN_CAT_id}
${objectids} set Variable ${object_SNI_CAT_Id},${object_SAN_CAT_id},${object_CN_CAT_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CN_CAT_id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentID},"protocolFields":[]},{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00001","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${object_SNI_CAT_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_CAT_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_CAT_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -50,25 +47,26 @@ SecurityPolicy-Deny-SSL-00001
SecurityPolicy-Deny-SSL-00002
[Tags] Deny Fqdn_SNI_CN_SAN
#创建对象 Sub
${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Sub_Id}
${objectids} set Variable ${object_Sub_Id}
# #创建对象 Sub
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$zmmtest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Sub_Id}
# ${objectids} set Variable ${object_Sub_Id}
#创建对象 SNI_FQDN
${rescodeip} ${object_SNI_FQDN_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SNI_FQDN_Id}
${objectids} set Variable ${object_Sub_Id},${object_SNI_FQDN_Id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SNI_FQDN_Id}
#创建对象 SAN_FQDN
${rescode_deny} ${object_SAN_FQDN_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_SAN_FQDN_id}
${objectids} set Variable ${object_Sub_Id},${object_SNI_FQDN_Id},${object_SAN_FQDN_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SAN_FQDN_id}
#创建对象 CN_FQDN
${rescode_deny} ${object_CN_FQDN_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_SSL_sogou","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*ogou.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_CN_FQDN_id}
${objectids} set Variable ${object_Sub_Id},${object_SNI_FQDN_Id},${object_SAN_FQDN_id},${object_CN_FQDN_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CN_FQDN_id}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop","keyring":1},"referenceObject":[{"objectId":${object_Sub_Id},"protocolFields":[]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-Deny-SSL-00002","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","method":"drop"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]},{"objectId":${object_SNI_FQDN_Id},"protocolFields":["TSG_FIELD_SSL_SNI"]},{"objectId":${object_CN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_CN"]},{"objectId":${object_SAN_FQDN_id},"protocolFields":["TSG_FIELD_SSL_SAN"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
@@ -85,5 +83,3 @@ SecurityPolicy-Deny-SSL-00002
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni xiaozhu

102
01-TestCase/tsg_adc/api_security/InteseptHttpTests.robot Normal file
View File

@@ -0,0 +1,102 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Intesept-Http-00001
[Tags] Intercept http ip+fqdn
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_wenming", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_wenming", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.wenming.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://www.wenming.cn
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run ${commandstr}
should contain ${commandreturn} 200
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain wenming.cn
SecurityPolicy-Intesept-Http-00002
[Tags] Intercept http SUB+CAT
# #创建对象SUB ID
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
# log ${object_SUB_Id}
# #删除对象
# ${objectids} set Variable ${object_SUB_Id}
#创建cat
${rescode} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_newsgd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_newsgd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*newsgd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentSubID},"protocolFields":[null]}, \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[ \ \ \ \ \ \ \ \ {"objectId":${object_cat_Id},"protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://www.newsgd.com
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run ${commandstr}
should contain ${commandreturn} 200
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.newsgd.com
SecurityPolicy-Intesept-Http-00003
[Tags] Intercept http ip+fqdn
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_pl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_pl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$poplar.ru" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[2]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Http-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} set variable curl -I -m 10 -o /dev/null -s -w \%{http_code} http://poplar.ru/
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run ${commandstr}
should contain ${commandreturn} 200
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain poplar.ru

393
01-TestCase/tsg_adc/api_security/InteseptSSLTests.robot Normal file
View File

@@ -0,0 +1,393 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Intesept-Https-00001
[Tags] Intercept https ip+fqdn
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.youtube.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL001.bat
... ELSE set variable curl -kv https://www.youtube.com
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.youtube.com
SecurityPolicy-Intesept-Https-00002
[Tags] Intercept https SUB+CAT
# #创建对象SUB ID
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
# log ${object_SUB_Id}
# #删除对象
# ${objectids} set Variable ${object_SUB_Id}
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_facebook", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_facebook", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*facebook.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[null]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL002.bat
... ELSE set Variable curl -kv https://www.facebook.com
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.facebook.com
SecurityPolicy-Intesept-Https-00003
[Tags] Intercept https Fail-close
#创建cat
${rescodeip} ${object_cat_Id} AddObject \ { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_Fail-close", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_Fail-close", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$client.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$expired.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } ,{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$self-signed.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$untrusted-root.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$wrong.host.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }\ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00003", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"fail-close", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL003.bat
... ELSE set variable curl -kv https://client.badssl.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni client.badssl.com
SecurityPolicy-Intesept-Https-00004
[Tags] Intercept https Pass-through
#创建cat
${rescodeip} ${object_cat_Id} AddObject \ { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_Pass-through", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_Pass-through", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$client.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$expired.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } ,{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$self-signed.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$untrusted-root.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ },{ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$wrong.host.badssl.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }\ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00004", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL004.bat
... ELSE set variable curl -kv https://self-signed.badssl.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni self-signed.badssl.com
SecurityPolicy-Intesept-Https-00005
[Tags] Intercept https EV
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_EV_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_EV_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*myssl.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00005", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":1}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
... ELSE set variable curl -kv https://www.myssl.cn/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn
SecurityPolicy-Intesept-Https-00006
[Tags] Intercept https CT
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_CT_vip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_CT_vip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00006", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":1, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com
SecurityPolicy-Intesept-Https-00007
[Tags] Intercept https MA
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_MA_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_MA_myssl", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*myssl.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00007", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL005_007.bat
... ELSE set variable curl -kv https://www.myssl.cn/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni myssl.cn
SecurityPolicy-Intesept-Https-00008
[Tags] Intercept https SSL3.0
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_ssl3.0_360", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_ssl3.0_360", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*360.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00008", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"ssl3", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL008.bat
... ELSE set variable curl -kv https://360.cn/
${stringlist} Create List ssl3_read_bytes
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni 360.cn
SecurityPolicy-Intesept-Https-00009
[Tags] Intercept https TSL1.0
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.0_mi", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.0_mi", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.mi.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00009", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls10", \ \ \ \ \ \ \ \ \ "max":"tls10", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL009.bat
... ELSE set variable curl -kv https://www.mi.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.mi.com
SecurityPolicy-Intesept-Https-00010
[Tags] Intercept https TSL1.1
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.1_vip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.1_vip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00010", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls11", \ \ \ \ \ \ \ \ \ "max":"tls11", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL006_010.bat
... ELSE set variable curl -kv https://www.vip.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.vip.com
SecurityPolicy-Intesept-Https-00011
[Tags] Intercept https TSL1.2
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.2_taobao", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.2_taobao", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*taobao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00011", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls12", \ \ \ \ \ \ \ \ \ "max":"tls12", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL011.bat
... ELSE set variable curl -kv https://www.taobao.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.taobao.com
SecurityPolicy-Intesept-Https-00012
[Tags] Intercept https TSL1.3
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_TSL1.3_halfrost", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_TSL1.3_halfrost", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*halfrost.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00012", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":0, \ \ \ \ \ \ \ \ \ \ "min":"tls13", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":0}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":0, \ \ \ \ "cert_pinning":0,"cert_transparency":0, \ \ \ \ "protocol_errors":0,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":0, \ \ \ \ "expiration":0, \ \ \ \ "cn":0, \ \ \ \ "issuer":0}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL012.bat
... ELSE set variable curl -kv https://halfrost.com/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni halfrost.com
SecurityPolicy-Intesept-Https-00013
[Tags] Intercept https ip+fqdn
#创建fqdn
${rescodeip} ${object_FQDN_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_youtube", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.olx.kz" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_FQDN_Id}
#删除对象
${objectids} set Variable ${object_FQDN_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-Intercept-Https-00013", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"intercept", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL", \ \ \ \ "protocol_version":{"allow_http2":1, \ \ \ \ \ \ \ \ \ \ "min":"ssl3", \ \ \ \ \ \ \ \ \ "max":"tls13", \ \ \ \ \ \ \ \ \ "mirror_client":1}, \ \ \ \ "dynamic_bypass":{"mutual_authentication":1, \ \ \ \ "cert_pinning":1,"cert_transparency":0, \ \ \ \ "protocol_errors":1,"ev_cert":0}, \ \ \ \ "decrypt_mirror":{"enable":0}, \ \ \ \ "certificate_checks":{"fail_action":"pass-through", \ \ \ \ "approach":{"self-signed":1, \ \ \ \ "expiration":1, \ \ \ \ "cn":1, \ \ \ \ "issuer":1}}, \ \ \ \ "keyring":1}, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[3]\ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_Intercept_SSL013.bat
... ELSE set variable curl -kv https://www.olx.kz/uslugi/
${stringlist} Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.olx.kz

71
01-TestCase/tsg_adc/api_security/MonitorDNSTests.robot Normal file
View File

@@ -0,0 +1,71 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-monitor-DNS-00001
[Tags] monitor DNS ip+fqdn
#创建fqdn
${rescodeip} ${object_fqdn_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.wenming.cn" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*vip.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_fqdn_Id}
#删除对象
${objectids} set Variable ${object_fqdn_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]},{"objectId":${testClentID}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[4] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_FQDN_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} set variable nslookup -d www.vip.com
@{stringlist} set variable canonical name = www.vip.com type = AAAA, class = IN
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.vip.com
SecurityPolicy-monitor-DNS-00002
[Tags] monitor DNS ip+cat
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$www.taobao.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]},{"objectId":${testClentID}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] ,"appObjectIdArray":[4] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-DNS-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"DNS" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_DNS_QNAME"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} set variable nslookup -d www.taobao.com
@{stringlist} set variable canonical name = www.taobao.com type = AAAA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#验证日志
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.taobao.com

96
01-TestCase/tsg_adc/api_security/MonitorFTPTests.robot Normal file
View File

@@ -0,0 +1,96 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
Library Custometest
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-monitor-FTP-00001
[Tags] monitor Sub_Account
# #创建对象 Sub
# ${rescode} ${object_Sub_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"subscriberid","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmmtest_subid","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["$jwctest"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
# log ${object_Sub_Id}
# ${objectids} set Variable ${object_Sub_Id}
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop","keyring":1},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","method":"drop"},"referenceObject":[{"objectId":${testClentSubID} ,"protocolFields":[null]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 登录
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous
SecurityPolicy-monitor-FTP-00002
[Tags] monitor URI_Content
#创建对象 URI
${rescodeip} ${object_URI_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"url","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_FTP_URI","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*771.txt"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_URI_Id}
${objectids} set Variable ${object_URI_Id}
#创建对象 Content
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_FTP_Content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["accountsservice"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Content_id}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content_id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_URI_Id} ,"protocolFields":["TSG_FIELD_FTP_URI"]},{"objectId":${object_Content_id} ,"protocolFields":["TSG_FIELD_FTP_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 下载
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_url ftp://202.38.97.230/pub/iso/linux/knoppix/KNOPPIX_V7.7.1DVD-2016-10-22-EN/dpkg-l-dvd-771.txt
SecurityPolicy-monitor-FTP-00003
[Tags] monitor Sub_Account
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"JWC_Account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["anony*"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP","keyring":1},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[6]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-FTP-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"FTP"},"referenceObject":[{"objectId":${object_Account_Id} ,"protocolFields":["TSG_FIELD_FTP_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${FTP} FTP 登录
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account anonymous

103
01-TestCase/tsg_adc/api_security/MonitorHttpTests.robot Normal file
View File

@@ -0,0 +1,103 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-monitor-Http-00001
[Tags] monitor http ip+cat+User-Agent+Content-Type+url
#创建cat
${rescodeip} ${object_cat_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn_category", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_cat_zm", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_cat_zm", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*ziroom.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_cat_Id}
#删除对象
${objectids} set Variable ${object_cat_Id}
#创建url
${rescode} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_zm", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_zm", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "ziroom" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_url_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建请求头
${rescode} ${object_User_Agent_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_UA","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["Mozilla/5.0*"],"isHexbin":0,"district":"User-Agent"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_User_Agent_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_User_Agent_Id}
#创建应答头
${rescode} ${object_Content-Type_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_CT","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["text/html; charse*"],"isHexbin":0,"district":"Content-Type"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_Content-Type_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_Content-Type_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_cat_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_User_Agent_Id},"protocolFields": ["TSG_FIELD_HTTP_REQ_HDR"]},{"objectId":${object_Content-Type_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
#${commandstr} set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk
${commandstr} run keyword if '${systemType}'=='Windows' set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://www.ziroom.com/life/index \ \ | iconv -f utf-8 -t gbk
... ELSE set variable curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://www.ziroom.com/life/index
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run ${commandstr}
should contain ${commandreturn} 全屋智能美家
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.ziroom.com
SecurityPolicy-monitor-Http-00002
[Tags] monitor http SUB+cat+set-cookie+url
#创建fqdn
${rescodeip} ${object_fqdn_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_fqdn_ziroom", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_fqdn_ziroom", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*zhu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_fqdn_Id}
#删除对象
${objectids} set Variable ${object_fqdn_Id}
#创建url
${rescode} ${object_url_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"url", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_url_xz", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "www.xiaozhu*" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${object_url_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
#创建请求头
${rescode} ${object_sk_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"http_signature","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_http_sk","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*domain=.xiaozhu.com"],"isHexbin":0,"district":"Set-Cookie"}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_sk_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_sk_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${object_SUB_Id}, \ \ \ \ \ \ \ \ "protocolFields":[]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[null]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[2] \ \ \ \ \ \ \ \ } \ \ \ \ ] } \
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-http-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"HTTP" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_fqdn_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_HTTP_HOST"]}, \ \ \ \ \ \ \ \ {"objectId":${testClentSubID}, \ \ \ \ \ \ \ \ "protocolFields":[]},{"objectId":${object_url_Id},"protocolFields": ["TSG_FIELD_HTTP_URL"]},{"objectId":${object_sk_Id},"protocolFields": ["TSG_FIELD_HTTP_RES_HDR"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
#${commandstr} set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk
${commandstr} run keyword if '${systemType}'=='Windows' set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' \ http://www.xiaozhu.com \ \ | iconv -f utf-8 -t gbk
... ELSE set variable curl --cookie "*_math=czsuv8n9d4p; Hm_lvt_92e8bc890f374994dd570aa15afc99e1=1575187416; Hm_lpvt_92e8bc890f374994dd570aa15afc99e1=1575187416; _uab_collina=157518741578524001717192" --referer 'http://www.baidu.com/' http://www.xiaozhu.com
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} SystemCommand ${commandstr}
should contain ${commandreturn} 200
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_domain www.xiaozhu.com

215
01-TestCase/tsg_adc/api_security/MonitorMailTests.robot Normal file
View File

@@ -0,0 +1,215 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
Library Custometest
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-monitor-mail-00001
[Tags] monitor URI_Content
#创建对象 Account
${rescodeip} ${object_Account_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_account","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1343921421z@163.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Account_Id}
${objectids} set Variable ${object_Account_Id}
#创建策略
#${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00001","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_Account_Id},"protocolFields":["TSG_FIELD_MAIL_ACCOUNT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${mail} EmailLogin smtp.163.com 25 z1343921421z@163.com VIAVUYPIEJRDQDBN
should contain ${mail} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com
SecurityPolicy-monitor-mail-00002
[Tags] monitor to
#创建对象 to
${rescode_deny} ${object_to_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_to","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1789327568z@163.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_to_id}
${objectids} set Variable ${object_to_id}
#创建策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00002","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_to_id},"protocolFields":["TSG_FIELD_MAIL_TO"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${Smtp服务器} Set Variable smtp.163.com
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable z1343921421z@163.com
${邮箱密码} Set Variable VIAVUYPIEJRDQDBN
${邮件主题} Set Variable 姬巍川subject
${发送者} Set Variable z1343921421z@163.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["z1789327568z@163.com"]
${抄送者} Set Variable ["z1789327568z@163.com"]
${密送者} Set Variable ["z1789327568z@163.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com
SecurityPolicy-monitor-Mail-00003
[Tags] monitor From
#创建对象 From
${rescode_deny} ${object_From_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"account","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_from","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["z1343921421z@163.com"],"itemId":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_From_id}
${objectids} set Variable ${object_From_id}
#创建策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00003","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_From_id},"protocolFields":["TSG_FIELD_MAIL_FROM"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${Smtp服务器} Set Variable smtp.163.com
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable z1343921421z@163.com
${邮箱密码} Set Variable VIAVUYPIEJRDQDBN
${邮件主题} Set Variable 姬巍川subject
${发送者} Set Variable z1343921421z@163.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["z1789327568z@163.com"]
${抄送者} Set Variable ["z1789327568z@163.com"]
${密送者} Set Variable ["z1789327568z@163.com"]
${邮件正文} Set Variable 姬巍川content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com
SecurityPolicy-monitor-Mail-00004
[Tags] monitor Att_content
#创建对象 att_content
${rescode_deny} ${object_att_content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["姬巍川测试文件内容"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_att_content_id}
${objectids} set Variable ${object_att_content_id}
#创建策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00004","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00004","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_att_content_id},"protocolFields":["TSG_FIELD_MAIL_ATT_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${Smtp服务器} Set Variable smtp.163.com
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable z1343921421z@163.com
${邮箱密码} Set Variable VIAVUYPIEJRDQDBN
${邮件主题} Set Variable 姬巍川subject
${发送者} Set Variable z1343921421z@163.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["z1789327568z@163.com"]
${抄送者} Set Variable ["z1789327568z@163.com"]
${密送者} Set Variable ["z1789327568z@163.com"]
${邮件正文} Set Variable 姬巍川content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com
SecurityPolicy-monitor-Mail-00005
[Tags] monitor Content
#创建对象 Content
${rescode_deny} ${object_Content_id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"zmm_content","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["姬巍川content"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
log ${object_Content_id}
${objectids} set Variable ${object_Content_id}
#创建策略
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00005","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
... ELSE set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00005","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${object_Content_id},"protocolFields":["TSG_FIELD_MAIL_CONTENT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${Smtp服务器} Set Variable smtp.163.com
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable z1343921421z@163.com
${邮箱密码} Set Variable VIAVUYPIEJRDQDBN
${邮件主题} Set Variable 姬巍川subject
${发送者} Set Variable z1343921421z@163.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["z1789327568z@163.com"]
${抄送者} Set Variable ["z1789327568z@163.com"]
${密送者} Set Variable ["z1789327568z@163.com"]
${邮件正文} Set Variable 姬巍川content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com
SecurityPolicy-monitor-Mail-00006
[Tags] monitor Subject
# #创建对象 Subject
# ${rescodeip} ${object_Subject_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"keywords","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_subject","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["姬巍川subject"],"isHexbin":0,"itemId":"","isValid":""}],"updateItemList":[],"deleteItemIds":[],"objectId":""}}
# log ${object_Subject_Id}
# ${objectids} set Variable ${object_Subject_Id}
#创建策略
#${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00006","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-monitor-Mail-00006","policyType":"tsg_security","action":"monitor","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"MAIL"},"referenceObject":[{"objectId":${testClentSubID},"protocolFields":["TSG_FIELD_MAIL_SUBJECT"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[5]}}
${rescode} ${policyId2} AddPolicy ${addPolicyStr}
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId2}]}
${policyIds} Create List ${policyId1}
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
${starttime} Get Time
${Smtp服务器} Set Variable smtp.163.com
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable z1343921421z@163.com
${邮箱密码} Set Variable VIAVUYPIEJRDQDBN
${邮件主题} Set Variable 姬巍川subject
${发送者} Set Variable z1343921421z@163.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["z1789327568z@163.com"]
${抄送者} Set Variable ["z1789327568z@163.com"]
${密送者} Set Variable ["z1789327568z@163.com"]
${邮件正文} Set Variable 姬巍川content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId2}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account z1343921421z@163.com

98
01-TestCase/tsg_adc/api_security/MonitorSSLTests.robot Normal file
View File

@@ -0,0 +1,98 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-monitor-SSL-00001
[Tags] monitor ssl ip+cat
#创建SNI_CAT
${rescodeip} ${object_sni_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_sni_Id}
#删除对象
${objectids} set Variable ${object_sni_Id}
#创建SAN_CAT
${rescodeip} ${object_san_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_san_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_san_Id}
#创建对象 CN_CAT
${rescodeip} ${object_cn_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_cn_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_cn_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_monitor_ssl001.bat
... ELSE set variable curl -kv https://www.jd.com
@{stringlist} set variable 正品低价 html
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.jd.com
SecurityPolicy-monitor-SSL-00002
[Tags] monitor ssl SUB+fqdn
# #创建对象SUB
# ${rescode} ${object_SUB_Id} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"subscriberid", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"jwc_SUB_ip", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "$jwctest" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] } \
# log ${object_SUB_Id}
# #删除对象
# ${objectids} set Variable ${object_SUB_Id}
#创建SNI_CAT
${rescodeip} ${object_sni_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_sni_Id}
#删除对象
${objectids} set Variable ${object_sni_Id}
#创建SAN_CAT
${rescodeip} ${object_san_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_san_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_san_Id}
#创建对象 CN_CAT
${rescodeip} ${object_cn_Id} AddObject {"opAction":"add","returnData":1,"objectList":{"objectType":"fqdn_category","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"jwc_SSL_yhd_cat","objectDesc":"","subObjectIds":[],"addItemList":[{"keywordArray":["*d.com"],"itemId":"","isValid":"","isHexbin":0}],"updateItemList":[],"deleteItemIds":[]}}
log ${object_cn_Id}
#删除对象
${objectids} Catenate SEPARATOR=, ${objectids} ${object_cn_Id}
#创建策略
#${addPolicyStr} set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00001", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ],"appObjectIdArray":[3] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
... ELSE set variable { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "policyList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "policyId":"", \ \ \ \ \ \ \ \ \ \ \ \ "isValid":1, \ \ \ \ \ \ \ \ \ \ \ \ "policyName":"SecurityPolicy-monitor-SSL-00002", \ \ \ \ \ \ \ \ \ \ \ \ "policyType":"tsg_security", \ \ \ \ \ \ \ \ \ \ \ \ "action":"monitor", \ \ \ \ \ \ \ \ \ \ \ \ "userTags":"", \ \ \ \ \ \ \ \ \ \ \ \ "doBlacklist":0, \ \ \ \ \ \ \ \ \ \ \ \ "doLog":1, \ \ \ \ \ \ \ \ \ \ \ \ "userRegion":{ \ \ \ \ \ \ \ \ \ \ \ \ \ "protocol":"SSL" \ \ \ \ }, \ \ \ \ \ \ \ \ \ \ \ \ "referenceObject":[{"objectId":${object_sni_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SNI"]}, {"objectId":${object_san_Id}, \ \ \ \ \ \ \ \ "protocolFields":["TSG_FIELD_SSL_SAN"]},{"objectId":${object_cn_Id}, \ \ \ \ \ \ \ \ "protocolFields":[ "TSG_FIELD_SSL_CN"]}], \ \ \ \ \ \ \ \ \ \ \ \ "scheduleId":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#功能端验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/SecurityPolicy_monitor_ssl002.bat
... ELSE set variable curl -kv https://www.yhd.com
@{stringlist} set variable 货到付款 text
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni www.yhd.com

0
01-TestCase/tsg_adc/selfserver/Api_Proxy/.gitkeep Normal file
View File

762
01-TestCase/tsg_adc/selfserver/Api_Proxy/Allow_Http_Tests.robot Normal file
View File

@@ -0,0 +1,762 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Allow-Http-00001
[Tags] selfserver ip http allow
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv \ http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00002
[Tags] selfserver ip+fqdn完整匹配 http allow
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00003
[Tags] selfserver ip+cat右匹配 http allow
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Response
... ELSE Create List Response
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00004
[Tags] selfserver http allow ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00005
[Tags] selfserver http allow ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00006
[Tags] selfserver http allow ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/tengrinews/tengrinews.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Allow-HTTP-0001.bat
... ELSE set variable curl \ http://open.node.com/test/tengrinews/tengrinews.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List экономике
... ELSE Create List экономике
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00007
[Tags] selfserver http allow ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Response
... ELSE Create List Response
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00008
[Tags] selfserver http allow ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00009
[Tags] selfserver http allow ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00010
[Tags] selfserver http allow ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00011
[Tags] selfserver http allow ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00012
[Tags] selfserver http allow ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List switch=kazakh
... ELSE Create List switch=kazakh
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00013
[Tags] selfserver http allow ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00014
[Tags] selfserver http allow ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00015
[Tags] selfserver http allow ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=utf-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List switch=kazakh
... ELSE Create List switch=kazakh
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00016
[Tags] selfserver http allow ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List AhbmRDASY7NuOZD9cFMgQihZ
... ELSE Create List AhbmRDASY7NuOZD9cFMgQihZ
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00017
[Tags] selfserver http allow ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00018
[Tags] selfserver http allow ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00019
[Tags] selfserver http allow ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Body
... ELSE Create List Body
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00020
[Tags] selfserver http allow ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Http-00021
[Tags] selfserver 最大组合 http allow
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Body
... ELSE Create List Body
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

761
01-TestCase/tsg_adc/selfserver/Api_Proxy/Allow_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,761 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Allow-Ssl-00001
[Tags] selfserver ip ssl allow
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List трейлеры Tango Secure Gateway CA
... ELSE Create List трейлеры Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00002
[Tags] selfserver ip+fqdn完整匹配 ssl allow
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List трейлеры Tango Secure Gateway CA
... ELSE Create List трейлеры Tango Secure Gateway CA \ \ \ \ Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00003
[Tags] selfserver ip+cat右匹配 ssl allow
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Response Body Tango Secure Gateway CA
... ELSE Create List Response Body Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00004
[Tags] selfserver ssl allow ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List трейлеры Tango Secure Gateway CA
... ELSE Create List трейлеры Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00005
[Tags] selfserver ssl allow ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List twitter Tango Secure Gateway CA
... ELSE Create List twitter Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00006
[Tags] selfserver ssl allow ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动 Tango Secure Gateway CA
... ELSE Create List 字节跳动 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00007
[Tags] selfserver ssl allow ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Response Body Tango Secure Gateway CA
... ELSE Create List Response Body Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00008
[Tags] selfserver ssl allow ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00009
[Tags] selfserver ssl allow ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00010
[Tags] selfserver ssl allow ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00011
[Tags] selfserver ssl allow ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00012
[Tags] selfserver ssl allow ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List switch=kazakh Tango Secure Gateway CA
... ELSE Create List switch=kazakh Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00013
[Tags] selfserver ssl allow ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"method":"allow","protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List трейлеры Tango Secure Gateway CA
... ELSE Create List трейлеры Tango Secure Gateway CA Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00014
[Tags] selfserver ssl allow ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List трейлеры Tango Secure Gateway CA
... ELSE Create List трейлеры Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00015
[Tags] selfserver ssl allow ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动 Tango Secure Gateway CA
... ELSE Create List 字节跳动 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00016
[Tags] selfserver ssl allow ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List twitter Tango Secure Gateway CA
... ELSE Create List twitter Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00017
[Tags] selfserver ssl allow ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00018
[Tags] selfserver ssl allow ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00019
[Tags] selfserver ssl allow ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test Tango Secure Gateway CA
... ELSE Create List test Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00020
[Tags] selfserver ssl allow ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求 Tango Secure Gateway CA
... ELSE Create List 发送POST请求 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Allow-Ssl-00021
[Tags] selfserver 最大组合 ssl allow
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Allow-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-SSL-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Response Body Tango Secure Gateway CA
... ELSE Create List Response Body Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

786
01-TestCase/tsg_adc/selfserver/Api_Proxy/Deny_Http_Tests.robot Normal file
View File

@@ -0,0 +1,786 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Deny-Http-00001
[Tags] selfserver ip http deny
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"test","code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00002
[Tags] selfserver ip+fqdn完整匹配 http deny
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好,五一","code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 你好,五一
... ELSE Create List 你好,五一
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00003
[Tags] selfserver ip+cat右匹配 http deny
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"виде","code":404,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List виде
... ELSE Create List виде
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00004
[Tags] selfserver http deny ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":404,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00005
[Tags] selfserver http deny ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00006
[Tags] selfserver http deny ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"виде","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List виде
... ELSE Create List виде
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00007
[Tags] selfserver http deny ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建引用文件
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00008
[Tags] selfserver http deny ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":404,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00009
[Tags] selfserver http deny ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00010
[Tags] selfserver http deny ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"виде","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List виде
... ELSE Create List виде
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00011
[Tags] selfserver http deny ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建引用文件
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00012
[Tags] selfserver http deny ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"zxcvbnm","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat
... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm
... ELSE Create List zxcvbnm
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00013
[Tags] selfserver http deny ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好明天","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 你好明天
... ELSE Create List 你好明天
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00014
[Tags] selfserver http deny ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00015
[Tags] selfserver http deny ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"qwerty","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List qwerty
... ELSE Create List qwerty
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00016
[Tags] selfserver http deny ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"123456","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat \
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 123456
... ELSE Create List 123456
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00017
[Tags] selfserver http deny ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好明天","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 你好明天
... ELSE Create List 你好明天
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00018
[Tags] selfserver http deny ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00019
[Tags] selfserver http deny ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"qwerty","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=yyyyy" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List qwerty
... ELSE Create List qwerty
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00020
[Tags] selfserver http deny ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"123456","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 123456
... ELSE Create List 123456
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00021
[Tags] selfserver http deny ip+请求体字串匹配
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"Извините","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Извините
... ELSE Create List Извините
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00022
[Tags] selfserver http deny ip+应答体字串匹配
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Response Body
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"Извините","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Http-00023
[Tags] selfserver 最大组合 http deny
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=酒店式公寓
${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00023 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好,五一","code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_RES_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00023.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

786
01-TestCase/tsg_adc/selfserver/Api_Proxy/Deny_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,786 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Deny-Ssl-00001
[Tags] selfserver ip deny ssl
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"test","code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00002
[Tags] selfserver ip+fqdn完整匹配 deny ssl
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好,五一","code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 你好,五一 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 你好,五一 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00003
[Tags] selfserver ip+cat右匹配 deny ssl
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"виде","code":404,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List виде Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List виде Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00004
[Tags] selfserver deny ip+url右匹配 ssl
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":404,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00005
[Tags] selfserver deny ip+url字串匹配 ssl
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00006
[Tags] selfserver deny ip+url完整匹配 ssl
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"виде","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List виде Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List виде Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00007
[Tags] selfserver deny ip+url左匹配 ssl
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建引用文件
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00008
[Tags] selfserver deny ssl ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":404,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00009
[Tags] selfserver deny ip+请求头字串匹配 ssl
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00010
[Tags] selfserver deny ip+请求头完整匹配 ssl
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"виде","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List виде Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List виде Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00011
[Tags] selfserver deny ip+请求头左匹配 ssl
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
#创建引用文件
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00012
[Tags] selfserver deny ip+cookie字串匹配 ssl
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"zxcvbnm","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List zxcvbnm Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00013
[Tags] selfserver deny ip+应答头右匹配 ssl
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好明天","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 你好明天 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 你好明天 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00014
[Tags] selfserver deny ip+应答头字串匹配 ssl
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00015
[Tags] selfserver deny ip+应答头完整匹配 ssl
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"qwerty","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List qwerty Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List qwerty Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00016
[Tags] selfserver deny ip+应答头左匹配 ssl
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"123456","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 123456 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 123456 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00017
[Tags] selfserver deny ip+set-cookie右匹配 ssl
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好明天","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 你好明天 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 你好明天 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00018
[Tags] selfserver deny ip+set-cookie字串匹配 ssl
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 对不起,您请求的页面不存在、或已被删除、或暂时不可用 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00019
[Tags] selfserver deny ip+set-cookie完整匹配 ssl
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-ssl-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"qwerty","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=yyyyy" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List qwerty Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List qwerty Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00020
[Tags] selfserver deny ip+set-cookie左匹配 ssl
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"123456","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 123456 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 123456 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00021
[Tags] selfserver deny ip+请求体字串匹配 ssl
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-SSL-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"Извините","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Извините Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Извините Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00022
[Tags] selfserver deny ip+应答体字串匹配 ssl
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Response Body
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-ssl-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"Извините","code":451,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Empty reply from server Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Connection reset by peer Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Deny-Ssl-00023
[Tags] selfserver 最大组合 deny ssl
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*bytedance.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=字节跳动
${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Deny-Ssl-00023 policyType=pxy_manipulation policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"method":"block","message":"你好,五一","code":403,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_RES_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00023.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Empty reply from server X-TG-Construct-By
... ELSE Create List Connection reset by peer X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

831
01-TestCase/tsg_adc/selfserver/Api_Proxy/Hijack_Http_Tests.robot Normal file
View File

@@ -0,0 +1,831 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/hijackfiles
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Hijack-Http-00001
[Tags] selfserver http hijack ip+url
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test.apk hijack {"isValid":1,"contentType":"application/vnd.android.package-archive","opAction":"add","profileName":"test1","contentName":"Create-Hijack Files-test.apk","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075
... ELSE Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00002
[Tags] selfserver http hijack ip+fqdn完整匹配+url
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00003
[Tags] selfserver http hijack ip+cat右匹配+url
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac
... ELSE Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00004
[Tags] selfserver http hijack ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00005
[Tags] selfserver http hijack ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png
... ELSE Create List bFiles-test-5.png
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00006
[Tags] selfserver http hijack ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg
... ELSE Create List test-4.jpeg
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00007
[Tags] selfserver http hijack ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-2.gif
... ELSE Create List test-2.gif
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00008
[Tags] selfserver http hijack ip+请求头右匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00009
[Tags] selfserver http hijack ip+请求头字串匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00010
[Tags] selfserver http hijack ip+请求头完整匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00011
[Tags] selfserver http hijack ip+请求头左匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac
... ELSE Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00012
[Tags] selfserver http hijack ip+cookie字串匹配+url
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png
... ELSE Create List bFiles-test-5.png
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00013
[Tags] selfserver http hijack ip+应答头右匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg
... ELSE Create List test-4.jpeg
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00014
[Tags] selfserver http hijack ip+应答头字串匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-2.gif
... ELSE Create List test-2.gif
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00015
[Tags] selfserver http hijack ip+应答头完整匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00016
[Tags] selfserver http hijack ip+应答头左匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat \
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00017
[Tags] selfserver http hijack ip+set-cookie右匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00018
[Tags] selfserver http hijack ip+set-cookie字串匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png
... ELSE Create List bFiles-test-5.png
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00019
[Tags] selfserver http hijack ip+set-cookie完整匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=yyyyy" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg
... ELSE Create List test-4.jpeg
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00020
[Tags] selfserver http hijack ip+set-cookie左匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-2.gif
... ELSE Create List test-2.gif
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Http-00021
[Tags] selfserver 最大组合 http hijack
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00023.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动
... ELSE Create List 控制小蛇在地图范围内移动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

826
01-TestCase/tsg_adc/selfserver/Api_Proxy/Hijack_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,826 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/hijackfiles
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Hijack-Ssl-00001
[Tags] selfserver ssl hijack ip+url
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test.apk hijack {"isValid":1,"contentType":"application/vnd.android.package-archive","opAction":"add","profileName":"test1","contentName":"Create-Hijack Files-test.apk","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00002
[Tags] selfserver ssl hijack ip+fqdn完整匹配+url
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By \ \ Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00003
[Tags] selfserver ssl hijack ip+cat右匹配+url
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-1.exe Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-1.exe Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00004
[Tags] selfserver ssl hijack ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00005
[Tags] selfserver ssl hijack ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List bFiles-test-5.png Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00006
[Tags] selfserver ssl hijack ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-4.jpeg Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00007
[Tags] selfserver ssl hijack ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-2.gif Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-2.gif Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00008
[Tags] selfserver ssl hijack ip+请求头右匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00009
[Tags] selfserver ssl hijack ip+请求头字串匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00010
[Tags] selfserver ssl hijack ip+请求头完整匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00011
[Tags] selfserver ssl hijack ip+请求头左匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-1.exe X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List test-1.exe X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00012
[Tags] selfserver ssl hijack ip+cookie字串匹配+url
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List bFiles-test-5.png Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00013
[Tags] selfserver ssl hijack ip+应答头右匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-4.jpeg Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00014
[Tags] selfserver ssl hijack ip+应答头字串匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-2.gif Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-2.gif Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00015
[Tags] selfserver ssl hijack ip+应答头完整匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00016
[Tags] selfserver ssl hijack ip+应答头左匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00017
[Tags] selfserver ssl hijack ip+set-cookie右匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 控制小蛇在地图范围内移动 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00018
[Tags] selfserver ssl hijack ip+set-cookie字串匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List bFiles-test-5.png Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00019
[Tags] selfserver ssl hijack ip+set-cookie完整匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-4.jpeg Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00020
[Tags] selfserver ssl hijack ip+set-cookie左匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-2.gif hijack {"isValid":1,"contentType":"image/gif","opAction":"add","profileName":"test6","contentName":"Create-Hijack Files-test-2.gif","profileId":null,"returnData":1}
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List test-2.gif Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List test-2.gif Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Hijack-Ssl-00021
[Tags] selfserver 最大组合 ssl hijack
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建hijack文件
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-3.html hijack
${profiledId} Get From Dictionary ${response} profileId
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Hijack-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-SSL-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List 控制小蛇在地图范围内移动 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

827
01-TestCase/tsg_adc/selfserver/Api_Proxy/Insert_Http_Tests.robot Normal file
View File

@@ -0,0 +1,827 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/insertscripts
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Insert-Http-00001
[Tags] selfserver http Insert ip+url
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv \ http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00002
[Tags] selfserver http Insert ip+fqdn完整匹配+url
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00003
[Tags] selfserver http Insert ip+cat右匹配+url
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*youtube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00004
[Tags] selfserver http Insert ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00005
[Tags] selfserver http Insert ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00006
[Tags] selfserver http Insert ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00007
[Tags] selfserver http Insert ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl \ \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00008
[Tags] selfserver http Insert ip+请求头右匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00009
[Tags] selfserver http Insert ip+请求头字串匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00010
[Tags] selfserver http Insert ip+请求头完整匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00011
[Tags] selfserver http Insert ip+请求头左匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00012
[Tags] selfserver http Insert ip+cookie字串匹配+url
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00013
[Tags] selfserver http Insert ip+应答头右匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00014
[Tags] selfserver http Insert ip+应答头字串匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00015
[Tags] selfserver http Insert ip+应答头完整匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=utf-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00016
[Tags] selfserver http Insert ip+应答头左匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00017
[Tags] selfserver http Insert ip+set-cookie右匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00018
[Tags] selfserver http Insert ip+set-cookie字串匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00019
[Tags] selfserver http Insert ip+set-cookie完整匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00020
[Tags] selfserver http Insert ip+set-cookie左匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Http-00021
[Tags] selfserver 最大组合 http Insert
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!")
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

826
01-TestCase/tsg_adc/selfserver/Api_Proxy/Insert_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,826 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/insertscripts
${profiledId} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Insert-Ssl-00001
[Tags] selfserver ssl Hijack ip+url
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00002
[Tags] selfserver ssl Insert ip+fqdn完整匹配+url
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA \ \ \ Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00003
[Tags] selfserver ssl Insert ip+cat右匹配+url
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00004
[Tags] selfserver ssl Insert ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00005
[Tags] selfserver ssl Insert ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00006
[Tags] selfserver ssl Insert ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00007
[Tags] selfserver ssl Insert ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00008
[Tags] selfserver ssl Insert ip+请求头右匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00009
[Tags] selfserver ssl Insert ip+请求头字串匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00010
[Tags] selfserver ssl Insert ip+请求头完整匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00011
[Tags] selfserver ssl Insert ip+请求头左匹配+url
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00012
[Tags] selfserver ssl Insert ip+cookie字串匹配+url
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00013
[Tags] selfserver ssl Insert ip+应答头右匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00014
[Tags] selfserver ssl Insert ip+应答头字串匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00015
[Tags] selfserver ssl Insert ip+应答头完整匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00016
[Tags] selfserver ssl Insert ip+应答头左匹配+url
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00017
[Tags] selfserver ssl Insert ip+set-cookie右匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00018
[Tags] selfserver ssl Insert ip+set-cookie字串匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00019
[Tags] selfserver ssl Insert ip+set-cookie完整匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00020
[Tags] selfserver ssl Insert ip+set-cookie左匹配+url
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Insert-Ssl-00021
[Tags] selfserver 最大组合 ssl Insert
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建insert文件
${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-Insert Scripts-test-1.js insert
${profiledId} Get From Dictionary ${response} profileId
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Insert-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-SSL-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List type="text/javascript" class="RQ_SCRIPT">alert("执行javascript!") X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

766
01-TestCase/tsg_adc/selfserver/Api_Proxy/Monitor_Http_Tests.robot Normal file
View File

@@ -0,0 +1,766 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Monitor-Http-00001
[Tags] selfserver ip http monitor
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"method":"monitor","protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00002
[Tags] selfserver ip+fqdn完整匹配 http monitor
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"method":"monitor","protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00003
[Tags] selfserver ip+cat右匹配 http monitor
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"method":"monitor","protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_HOST
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00004
[Tags] selfserver http monitor ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"method":"monitor","protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00005
[Tags] selfserver http monitor ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List AhbmRDASY
... ELSE Create List AhbmRDASY
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00006
[Tags] selfserver http monitor ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Allow-HTTP-0001.bat
... ELSE set variable curl \ http://open.node.com/test/tengrinews/tengrinews.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List экономике
... ELSE Create List экономике
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00007
[Tags] selfserver http monitor ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00008
[Tags] selfserver http monitor ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00009
[Tags] selfserver http monitor ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00010
[Tags] selfserver http monitor ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00011
[Tags] selfserver http monitor ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00012
[Tags] selfserver http monitor ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat
... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List switch=kazakh
... ELSE Create List switch=kazakh
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00013
[Tags] selfserver http monitor ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00014
[Tags] selfserver http monitor ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00015
[Tags] selfserver http monitor ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List switch=kazakh
... ELSE Create List switch=kazakh
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00016
[Tags] selfserver http monitor ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat \
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List AhbmRDASY
... ELSE Create List AhbmRDASY
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00017
[Tags] selfserver http monitor ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00018
[Tags] selfserver http monitor ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00019
[Tags] selfserver http monitor ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Body
... ELSE Create List Body
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00020
[Tags] selfserver http monitor ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00017.bat
... ELSE set variable curl http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00021
[Tags] selfserver http monitor ip+请求体字串匹配
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00022
[Tags] selfserver http monitor ip+应答体字串匹配
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Response Body
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Response
... ELSE Create List Response
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Monitor-Http-00023
[Tags] selfserver 最大组合 http monitor
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=酒店式公寓
${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Monitor-HTTP-00023 policyType=pxy_manipulation policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_RES_CONTENT
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-HTTP-00023.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 手机号
... ELSE Create List 手机号
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

802
01-TestCase/tsg_adc/selfserver/Api_Proxy/Monitor_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,802 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Redirect-Http-00001
[Tags] selfserver ip http redirect
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.ziroom.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv \ http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.ziroom.com/ 301 X-TG-Construct-By
... ELSE Create List http://www.ziroom.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00002
[Tags] selfserver ip+fqdn完整匹配 http redirect
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yhd.com 302 X-TG-Construct-By
... ELSE Create List https://www.yhd.com 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00003
[Tags] selfserver ip+cat右匹配 http redirect
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.toutiao.com/ch/news_hot/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.toutiao.com/ch/news_hot/ 301 X-TG-Construct-By
... ELSE Create List https://www.toutiao.com/ch/news_hot/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00004
[Tags] selfserver http redirect ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://bbs.tianya.cn/list-lookout-1.shtml","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://bbs.tianya.cn/list-lookout-1.shtml 301 X-TG-Construct-By
... ELSE Create List http://bbs.tianya.cn/list-lookout-1.shtml 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00005
[Tags] selfserver http redirect ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://kefu.ctrip.com/index","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv http://open.node.com/test/youtube/youtube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://kefu.ctrip.com/index 301 X-TG-Construct-By
... ELSE Create List https://kefu.ctrip.com/index 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00006
[Tags] selfserver http redirect ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.booking.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.booking.com/ 302 X-TG-Construct-By
... ELSE Create List https://www.booking.com/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00007
[Tags] selfserver http redirect ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.eastmoney.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.eastmoney.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.eastmoney.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00008
[Tags] selfserver http redirect ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.iqiyi.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.iqiyi.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.iqiyi.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00009
[Tags] selfserver http redirect ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://chaoshi.tmall.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://chaoshi.tmall.com/ 302 X-TG-Construct-By
... ELSE Create List https://chaoshi.tmall.com/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00010
[Tags] selfserver http redirect ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://military.china.com/zh_cn/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://military.china.com/zh_cn/ 301 X-TG-Construct-By
... ELSE Create List http://military.china.com/zh_cn/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00011
[Tags] selfserver http redirect ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.tiexue.net/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.tiexue.net/ 302 X-TG-Construct-By
... ELSE Create List http://www.tiexue.net/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00012
[Tags] selfserver http redirect ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.douyu.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.douyu.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.douyu.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00013
[Tags] selfserver http redirect ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.fang.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.fang.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.fang.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00014
[Tags] selfserver http redirect ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID=","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID= 302 X-TG-Construct-By
... ELSE Create List https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID= 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00015
[Tags] selfserver http redirect ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://stock.stockstar.com/gem/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://stock.stockstar.com/gem/ 302 X-TG-Construct-By
... ELSE Create List http://stock.stockstar.com/gem/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00016
[Tags] selfserver http redirect ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.kugou.com/yy/html/rank.html","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.kugou.com/yy/html/rank.html 301 X-TG-Construct-By
... ELSE Create List https://www.kugou.com/yy/html/rank.html 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00017
[Tags] selfserver http redirect ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yy.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yy.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.yy.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00018
[Tags] selfserver http redirect ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.xiaohongshu.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.xiaohongshu.com/ 302 X-TG-Construct-By
... ELSE Create List https://www.xiaohongshu.com/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00019
[Tags] selfserver http redirect ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zhihu.com/signin?next=%2F","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.zhihu.com/signin?next=%2F 301 X-TG-Construct-By
... ELSE Create List https://www.zhihu.com/signin?next=%2F 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00020
[Tags] selfserver http redirect ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.pcauto.com.cn/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.pcauto.com.cn/ 302 X-TG-Construct-By
... ELSE Create List https://www.pcauto.com.cn/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00021
[Tags] selfserver http redirect ip+请求体字串匹配
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.cmbchina.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body"-kv http://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.cmbchina.com/ 301 X-TG-Construct-By
... ELSE Create List http://www.cmbchina.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00022
[Tags] selfserver 最大组合 http redirect
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_REQ_CONTENT,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yhd.com 301 X-TG-Construct-By
... ELSE Create List https://www.yhd.com 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

802
01-TestCase/tsg_adc/selfserver/Api_Proxy/Redirect_Http_Tests.robot Normal file
View File

@@ -0,0 +1,802 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Redirect-Http-00001
[Tags] selfserver ip http redirect
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.ziroom.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv \ http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.ziroom.com/ 301 X-TG-Construct-By
... ELSE Create List http://www.ziroom.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00002
[Tags] selfserver ip+fqdn完整匹配 http redirect
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yhd.com 302 X-TG-Construct-By
... ELSE Create List https://www.yhd.com 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00003
[Tags] selfserver ip+cat右匹配 http redirect
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.toutiao.com/ch/news_hot/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.toutiao.com/ch/news_hot/ 301 X-TG-Construct-By
... ELSE Create List https://www.toutiao.com/ch/news_hot/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00004
[Tags] selfserver http redirect ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://bbs.tianya.cn/list-lookout-1.shtml","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://bbs.tianya.cn/list-lookout-1.shtml 301 X-TG-Construct-By
... ELSE Create List http://bbs.tianya.cn/list-lookout-1.shtml 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00005
[Tags] selfserver http redirect ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://kefu.ctrip.com/index","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv http://open.node.com/test/youtube/youtube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://kefu.ctrip.com/index 301 X-TG-Construct-By
... ELSE Create List https://kefu.ctrip.com/index 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00006
[Tags] selfserver http redirect ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.booking.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.booking.com/ 302 X-TG-Construct-By
... ELSE Create List https://www.booking.com/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00007
[Tags] selfserver http redirect ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.eastmoney.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.eastmoney.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.eastmoney.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00008
[Tags] selfserver http redirect ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.iqiyi.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.iqiyi.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.iqiyi.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00009
[Tags] selfserver http redirect ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://chaoshi.tmall.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://chaoshi.tmall.com/ 302 X-TG-Construct-By
... ELSE Create List https://chaoshi.tmall.com/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00010
[Tags] selfserver http redirect ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://military.china.com/zh_cn/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://military.china.com/zh_cn/ 301 X-TG-Construct-By
... ELSE Create List http://military.china.com/zh_cn/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00011
[Tags] selfserver http redirect ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.tiexue.net/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.tiexue.net/ 302 X-TG-Construct-By
... ELSE Create List http://www.tiexue.net/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00012
[Tags] selfserver http redirect ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.douyu.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.douyu.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.douyu.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00013
[Tags] selfserver http redirect ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.fang.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.fang.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.fang.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00014
[Tags] selfserver http redirect ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID=","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID= 302 X-TG-Construct-By
... ELSE Create List https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID= 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00015
[Tags] selfserver http redirect ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://stock.stockstar.com/gem/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://stock.stockstar.com/gem/ 302 X-TG-Construct-By
... ELSE Create List http://stock.stockstar.com/gem/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00016
[Tags] selfserver http redirect ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.kugou.com/yy/html/rank.html","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.kugou.com/yy/html/rank.html 301 X-TG-Construct-By
... ELSE Create List https://www.kugou.com/yy/html/rank.html 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00017
[Tags] selfserver http redirect ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yy.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yy.com/ 301 X-TG-Construct-By
... ELSE Create List https://www.yy.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00018
[Tags] selfserver http redirect ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.xiaohongshu.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.xiaohongshu.com/ 302 X-TG-Construct-By
... ELSE Create List https://www.xiaohongshu.com/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00019
[Tags] selfserver http redirect ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zhihu.com/signin?next=%2F","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.zhihu.com/signin?next=%2F 301 X-TG-Construct-By
... ELSE Create List https://www.zhihu.com/signin?next=%2F 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00020
[Tags] selfserver http redirect ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.pcauto.com.cn/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.pcauto.com.cn/ 302 X-TG-Construct-By
... ELSE Create List https://www.pcauto.com.cn/ 302 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00021
[Tags] selfserver http redirect ip+请求体字串匹配
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.cmbchina.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body"-kv http://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.cmbchina.com/ 301 X-TG-Construct-By
... ELSE Create List http://www.cmbchina.com/ 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Http-00022
[Tags] selfserver 最大组合 http redirect
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-HTTP-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_REQ_CONTENT,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yhd.com 301 X-TG-Construct-By
... ELSE Create List https://www.yhd.com 301 X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

802
01-TestCase/tsg_adc/selfserver/Api_Proxy/Redirect_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,802 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Redirect-Ssl-00001
[Tags] selfserver ip ssl redirect
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.ziroom.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.ziroom.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List http://www.ziroom.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00002
[Tags] selfserver ip+fqdn完整匹配 ssl redirect
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yhd.com 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.yhd.com 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00003
[Tags] selfserver ip+cat右匹配 ssl redirect
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.toutiao.com/ch/news_hot/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.toutiao.com/ch/news_hot/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.toutiao.com/ch/news_hot/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00004
[Tags] selfserver ssl redirect ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://bbs.tianya.cn/list-lookout-1.shtml","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://bbs.tianya.cn/list-lookout-1.shtml 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List http://bbs.tianya.cn/list-lookout-1.shtml 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00005
[Tags] selfserver ssl redirect ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://kefu.ctrip.com/index","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://kefu.ctrip.com/index 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://kefu.ctrip.com/index 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00006
[Tags] selfserver ssl redirect ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.booking.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.booking.com/ 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.booking.com/ 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00007
[Tags] selfserver ssl redirect ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.eastmoney.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.eastmoney.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.eastmoney.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00008
[Tags] selfserver ssl redirect ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.iqiyi.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.iqiyi.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.iqiyi.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00009
[Tags] selfserver ssl redirect ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://chaoshi.tmall.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://chaoshi.tmall.com/ 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://chaoshi.tmall.com/ 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00010
[Tags] selfserver ssl redirect ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://military.china.com/zh_cn/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://military.china.com/zh_cn/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List http://military.china.com/zh_cn/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00011
[Tags] selfserver ssl redirect ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.tiexue.net/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.tiexue.net/ 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List http://www.tiexue.net/ 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00012
[Tags] selfserver ssl redirect ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.douyu.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.douyu.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.douyu.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00013
[Tags] selfserver ssl redirect ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.fang.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.fang.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.fang.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00014
[Tags] selfserver ssl redirect ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID=","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID= 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.zealer.com/video?ZC_ACCESS_TOKEN=&ZC_UID= 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00015
[Tags] selfserver ssl redirect ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://stock.stockstar.com/gem/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://stock.stockstar.com/gem/ 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List http://stock.stockstar.com/gem/ 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00016
[Tags] selfserver ssl redirect ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.kugou.com/yy/html/rank.html","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.kugou.com/yy/html/rank.html 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.kugou.com/yy/html/rank.html 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00017
[Tags] selfserver ssl redirect ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yy.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yy.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.yy.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00018
[Tags] selfserver ssl redirect ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.xiaohongshu.com/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.xiaohongshu.com/ 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.xiaohongshu.com/ 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00019
[Tags] selfserver ssl redirect ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.zhihu.com/signin?next=%2F","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.zhihu.com/signin?next=%2F 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.zhihu.com/signin?next=%2F 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00020
[Tags] selfserver ssl redirect ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.pcauto.com.cn/","code":302,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.pcauto.com.cn/ 302 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.pcauto.com.cn/ 302 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00021
[Tags] selfserver ssl redirect ip+请求体字串匹配
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"http://www.cmbchina.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_CONTENT,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List http://www.cmbchina.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List http://www.cmbchina.com/ 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Redirect-Ssl-00022
[Tags] selfserver 最大组合 ssl redirect
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${object_by_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_by_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Redirect-SSL-00022 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"redirect","to":"https://www.yhd.com/","code":301,"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${object_by_Id}|TSG_FIELD_HTTP_REQ_CONTENT,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-SSL-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List https://www.yhd.com 301 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List https://www.yhd.com 301 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

762
01-TestCase/tsg_adc/selfserver/Api_Proxy/Replace_Http_Tests.robot Normal file
View File

@@ -0,0 +1,762 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Replace-Http-00001
[Tags] selfserver ip http replace
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv \ http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00002
[Tags] selfserver ip+fqdn完整匹配 http replace
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_uri","find":"xiaozhu/xiaozhu.html","replace_with":"nationalbank/nationalbank.html"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00003
[Tags] selfserver ip+cat右匹配 http replace
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"test","replace_with":"12345678"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List 12345678
... ELSE Create List 12345678
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00004
[Tags] selfserver http replace ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*xiaozhu.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"酒店式公寓","replace_with":"онлайнвхорошемкачествеслюбыхустройст"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List онлайнвхорошемкачествеслюбыхустройст
... ELSE Create List онлайнвхорошемкачествеслюбыхустройст
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00005
[Tags] selfserver http replace ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"酒店式公寓","replace_with":"Newsgd.com is the premier online source of Guangdong news and information"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Newsgd.com is the premier online source of Guangdong news and information
... ELSE Create List Newsgd.com is the premier online source of Guangdong news and information
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00006
[Tags] selfserver http replace ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00007
[Tags] selfserver http replace ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"test","replace_with":"nhwy"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List nhwy
... ELSE Create List nhwy
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00008
[Tags] selfserver http replace ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_header","find":"Mozilla/5.0","replace_with":"1234"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List open.node.com X-TG-Construct-By
... ELSE Create List open.node.com X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00009
[Tags] selfserver http replace ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00010
[Tags] selfserver http replace ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"发送POST请求","replace_with":"发送GET请求"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送GET请求
... ELSE Create List 发送GET请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00011
[Tags] selfserver http replace ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00012
[Tags] selfserver http replace ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00013
[Tags] selfserver http replace ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*charset=UTF-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"酒店式公寓","replace_with":"Technology"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Technology
... ELSE Create List Technology
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00014
[Tags] selfserver http replace ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"酒店式公寓","replace_with":"你好五一"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0001.bat
... ELSE set variable curl -kv http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 你好五一
... ELSE Create List 你好五一
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00015
[Tags] selfserver http replace ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=utf-8|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0003.bat
... ELSE set variable curl -kv http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00016
[Tags] selfserver http replace ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redirect-HTTP-0002.bat
... ELSE set variable curl -kv \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00017
[Tags] selfserver http replace ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00018
[Tags] selfserver http replace ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"发送POST请求","replace_with":"发送GET请求"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送GET请求
... ELSE Create List 发送GET请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00019
[Tags] selfserver http replace ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"test","replace_with":"zxcvbnm"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Redircet-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv \ http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm
... ELSE Create List zxcvbnm
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00020
[Tags] selfserver http replace ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00017.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List text/json
... ELSE Create List text/json
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Http-00021
[Tags] selfserver 最大组合 http replace
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject= isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-HTTP-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"test","replace_with":"zxcvbnm"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm
... ELSE Create List zxcvbnm
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

761
01-TestCase/tsg_adc/selfserver/Api_Proxy/Replace_Ssl_Tests.robot Normal file
View File

@@ -0,0 +1,761 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc proxy_policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
ProxyPolicy-Replace-Ssl-00001
[Tags] selfserver ip ssl replace
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00001 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00002
[Tags] selfserver ip+fqdn完整匹配 ssl replace
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00002 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_uri","find":"rutube/rutube.html","replace_with":"bytedance/bytedance.html"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 字节跳动 Tango Secure Gateway CA \ \ \ Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00003
[Tags] selfserver ip+cat右匹配 ssl replace
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*node.com
${rescode} ${object_cat_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_cat_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00003 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"test","replace_with":"12345678"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_cat_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 12345678 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 12345678 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00004
[Tags] selfserver ssl replace ip+url右匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*rutube.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00004 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"видео","replace_with":"酒店式公寓"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 酒店式公寓 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00005
[Tags] selfserver ssl replace ip+url字串匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00005 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"twitter","replace_with":"Newsgd.com is the premier online source of Guangdong news and information"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List Newsgd.com is the premier online source of Guangdong news and information Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List Newsgd.com is the premier online source of Guangdong news and information Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00006
[Tags] selfserver ssl replace ip+url完整匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/bytedance/bytedance.html
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00006 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00007
[Tags] selfserver ssl replace ip+url左匹配
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node*
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00007 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"test","replace_with":"nhwy"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List nhwy Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List nhwy Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00008
[Tags] selfserver ssl replace ip+请求头右匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00008 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_req_header","find":"Mozilla/5.0","replace_with":"1234"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List open.node.com X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List open.node.com X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00009
[Tags] selfserver ssl replace ip+请求头字串匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00009 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List text/json X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00010
[Tags] selfserver ssl replace ip+请求头完整匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00010 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"发送POST请求","replace_with":"发送GET请求"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送GET请求 X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List 发送GET请求 X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00011
[Tags] selfserver ssl replace ip+请求头左匹配
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00011 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0008.bat
... ELSE set variable curl -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' \ https://open.node.com
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List text/json X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00012
[Tags] selfserver ssl replace ip+cookie字串匹配
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=test
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00012 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_REQ_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0012.bat
... ELSE set variable curl -kv --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'https://www.baidu.com/' \ https://open.node.com/test/nationalbank/nationalbank.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00013
[Tags] selfserver ssl replace ip+应答头右匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00013 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"видео","replace_with":"онлайнвхорошемкачествеслюбыхустройст"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List онлайнвхорошемкачествеслюбыхустройст Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List онлайнвхорошемкачествеслюбыхустройст Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00014
[Tags] selfserver ssl replace ip+应答头字串匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00014 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"видео","replace_with":"你好五一"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 你好五一 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 你好五一 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00015
[Tags] selfserver ssl replace ip+应答头完整匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00015 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00016
[Tags] selfserver ssl replace ip+应答头左匹配
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html*|Content-Type
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00016 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00017
[Tags] selfserver ssl replace ip+set-cookie右匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*HttpOnly|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00017 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00018
[Tags] selfserver ssl replace ip+set-cookie字串匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Path=/tsgInterface|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00018 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"发送POST请求","replace_with":"发送GET请求"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List 发送GET请求 Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List 发送GET请求 Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00019
[Tags] selfserver ssl replace ip+set-cookie完整匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00019 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"test","replace_with":"zxcvbnm"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/ProxyPolicy-Deny-SSL-0019.bat
... ELSE set variable curl -kv \ -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List zxcvbnm Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00020
[Tags] selfserver ssl replace ip+set-cookie左匹配
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=JSESSIONID*|Set-Cookie
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00020 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_header","find":"html","replace_with":"json"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${objectId}|TSG_FIELD_HTTP_RES_HDR,${object_url_Id}|TSG_FIELD_HTTP_URL
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Deny-SSL-00017.bat
... ELSE set variable curl -kv https://open.node.com/
@{stringlist} run keyword if '${systemType}'=='Windows' Create List text/json Tango Secure Gateway CA X-TG-Construct-By
... ELSE Create List text/json Tango Secure Gateway CA X-TG-Construct-By
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
ProxyPolicy-Replace-Ssl-00021
[Tags] selfserver 最大组合 ssl replace
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_rq_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_rq_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=charset|Content-Type
${rescode} ${object_re_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_re_Id}
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject= isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId1} set Variable {"policyType":"tsg_security","policyIds":[${policyId}]}
${policyIds} Create List ${policyId1}
Comment 创建管控策略
${policyDict} Create Dictionary policyName=proxyPolicy-Replace-SSL-00021 policyType=pxy_manipulation policyDesc=autotest userTags= action=manipulation effectiveRange= userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"test","replace_with":"zxcvbnm"}],"protocol":"HTTP"} isValid=${1} appObjectIdArray=2 referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_rq_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_re_Id}|TSG_FIELD_HTTP_RES_HDR,${objectId}|TSG_SECURITY_DESTINATION_ADDR
${rescode} ${policyId3} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyId2} set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId3}]}
${policyIds} Create List ${policyId1} ${policyId2}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-SSL-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'https://www.baidu.com/' https://open.node.com/action
@{stringlist} run keyword if '${systemType}'=='Windows' Create List zxcvbnm X-TG-Construct-By Tango Secure Gateway CA
... ELSE Create List zxcvbnm X-TG-Construct-By Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId3}
GetLogList proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

0
01-TestCase/tsg_adc/selfserver/Api_Security/.gitkeep Normal file
View File

126
01-TestCase/tsg_adc/selfserver/Api_Security/Allow_Http_Tests.robot Normal file
View File

@@ -0,0 +1,126 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Allow-Http-00001
[Tags] Selfserver Allow Http Ip
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Allow-Http-00002
[Tags] Selfserver Allow Http Ip+Cat右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-HTTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 您可以免费加入成为频道会员
... ELSE Create List 关闭播放器
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Allow-Http-00003
[Tags] Selfserver Allow Http Ip+Fqdn完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-HTTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Allow-Http-00004
[Tags] Selfserver Allow Http Ip+Fqdn完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-HTTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

97
01-TestCase/tsg_adc/selfserver/Api_Security/Allow_SSL_Tests.robot Normal file
View File

@@ -0,0 +1,97 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Allow-SSL-00001
[Tags] Selfserver Allow Ssl Ip
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List видео
... ELSE Create List рутуб
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Allow-SSL-00002
[Tags] Selfserver Allow Ssl Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Twitter
... ELSE Create List 新鲜事一网打尽
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Allow-SSL-00003
[Tags] Selfserver Allow Ssl Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=allow effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动
... ELSE Create List 字节跳动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

64
01-TestCase/tsg_adc/selfserver/Api_Security/Deny_DNS_Tests.robot Normal file
View File

@@ -0,0 +1,64 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-DNS-00001
[Tags] Selfserver Deny Dns Ip+Fqdn右匹配
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*yhd.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "DNS","method":"drop"} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.yhd.com
... ELSE set variable nslookup -d www.yhd.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 超时
... ELSE Create List canonical name = www.yhd.com
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname yhd.com
SecurityPolicy-Deny-DNS-00002
[Tags] Selfserver Deny Dns Ip+Cat完整匹配
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$www.toutiao.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.vip.com","ttl":{"min":300,"max":300}}]}]} isValid=${1} appObjectIdArray=4
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.toutiao.com
... ELSE set variable nslookup \ www.toutiao.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List canonical name = www.vip.com
... ELSE Create List canonical name = www.vip.com
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname toutiao.com

124
01-TestCase/tsg_adc/selfserver/Api_Security/Deny_FTP_Tests.robot Normal file
View File

@@ -0,0 +1,124 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Library Custometest
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-Ftp-00001
[Tags] Selfserver Deny Ftp Account子串匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Deny-Ftp-00002
[Tags] Selfserver Deny Ftp Account右匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Deny-Ftp-00003
[Tags] Selfserver Deny Ftp Account完整匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$ftp_user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Deny-Ftp-00004
[Tags] Selfserver Deny Ftp Account左匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_u*
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Deny-Ftp-00005
[Tags] Selfserver Deny Ftp Account子串匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-FTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"FTP","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_down ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" 435814 zmmtext123.txt
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user

927
01-TestCase/tsg_adc/selfserver/Api_Security/Deny_Http_Tests.robot Normal file
View File

@@ -0,0 +1,927 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-Http-00001
[Tags] Selfserver Ip Deny Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00002
[Tags] Selfserver Deny Http Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00003
[Tags] Selfserver Deny Http Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00004
[Tags] Selfserver Deny Http Ip+Url字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node.com
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00005
[Tags] Selfserver Deny Http Ip+Url右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*youtube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00006
[Tags] Selfserver Deny Http Ip+Url完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":403,"message":"123123"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 123123
... ELSE Create List 123123
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00007
[Tags] Selfserver Deny Http Ip+Url左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open*
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00008
[Tags] Selfserver Deny Ip+请求头字串匹配 Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00009
[Tags] Selfserver Deny Http Ip+请求头右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00009 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00010
[Tags] Selfserver Deny Http Ip+请求头完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00010 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":404,"message":"123123"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 123123
... ELSE Create List 123123
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00011
[Tags] Selfserver Deny Http Ip+请求头左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00011 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00012
[Tags] Selfserver Http Ip+Cookie子串匹配 Deny
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00012 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat
... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00013
[Tags] Selfserver Deny Http Ip+应答头字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=utf-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00013 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00014
[Tags] Selfserver Deny Http Ip+应答头右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*utf-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00014 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00015
[Tags] Selfserver Deny Http Ip+应答头完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00015 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00016
[Tags] Selfserver Deny Http Ip+应答头左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text*|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00016 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00017
[Tags] Selfserver Deny Http Ip+Set-Cookie字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=4567|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00017 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl \ http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00018
[Tags] Selfserver Deny Http Ip+Set-Cookie右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*5678|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00018 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl \ http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00019
[Tags] Selfserver Deny Ip+Set-Cookie完整匹配 Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00019 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl \ http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00020
[Tags] Selfserver Deny Ip+Set-Cookie左匹配 Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=1234*|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00020 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl \ http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00021
[Tags] Selfserver Deny Ip+请求体 Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_RQ_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00021 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_RQ_Id}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00022
[Tags] Selfserver Deny Http Ip+应答体
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Ұлттық
${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_RQ_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00022 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_RQ_Id}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00023
[Tags] Selfserver Deny Http 最大组合
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=utf-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Ұлттық
${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_RQ_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00023 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR,${object_RQ_Id} |TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat
... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00024
[Tags] selfserver deny Http IP+host block
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
#创建引用文件
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00024 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"block","code":403,"html_profile":${profiledId}} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00025
[Tags] selfserver deny Http IP+host alert
Comment 创建第二个源IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.10|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00025 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"alert","code":200,"message":"No Content"} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${objectId}|TSG_SECURITY_SOURCE_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List No Content
... ELSE Create List No Content
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00026
[Tags] selfserver deny Http IP+host alert
Comment 创建第二个源IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.10|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
#创建引用文件
${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages
${profiledId} Get From Dictionary ${response} profileId
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00026 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"HTTP","method":"alert","code":200,"html_profile":${profiledId}} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${objectId}|TSG_SECURITY_SOURCE_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
... ELSE Create List Sorry, the page you requested does not exist, has been deleted, or is temporarily unavailable
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00027
[Tags] Selfserver Deny Http 最大组合
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=action
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CK_Id}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_CT_Id}
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_RQ_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00027 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR,${object_RQ_Id}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/proxyPolicy-Redirect-HTTP-00023.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" -kv --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00028
[Tags] selfserver deny http 多ip+fqdn
Comment 创建第二个源IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.50.18|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00028 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_SOURCE_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00029
[Tags] selfserver deny 多协议 ip
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00029 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2,3,4,5,6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-Http-00030
[Tags] selfserver deny http 新增Filter条件 ip+fqdn
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=nationalbank
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00030 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
Comment 修改策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-HTTP-00030 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "HTTP","method":"drop"} referenceObject=${object_fqdn_Id}|TSG_FIELD_HTTP_HOST,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2 policyId=${policyId}
${rescode} ${policyId} EditPolicy ${policyDict} update
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Message content over the limit has been removed
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

628
01-TestCase/tsg_adc/selfserver/Api_Security/Deny_MAIL_Tests.robot Normal file
View File

@@ -0,0 +1,628 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
Library Custometest
Resource ../../../../02-Keyword/tsg_common/StmpHandle.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-Mail-00001
[Tags] Selfserver Subject右匹配 Mail Deny
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=*test
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00002
[Tags] Selfserver Subject完整匹配 Mail Deny
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=$你好明天
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00003
[Tags] Selfserver Subject字串匹配 Mail Deny
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=стопо
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00004
[Tags] Selfserver Subject左匹配 Mail Deny
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=zxcv*
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00005
[Tags] Selfserver Content字串匹配 Mail Deny
Comment 创建Content
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=стопо
${rescode} ${object_Content_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Content_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_Content_Id}|TSG_FIELD_MAIL_CONTENT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123123132
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable Простопорно
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00006
[Tags] Selfserver Deny ATT_CONT字串匹配 Mail
Comment 创建ATT_CONT
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=стопо
${rescode} ${object_ATT_CONT_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_ATT_CONT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_ATT_CONT_Id}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00007
[Tags] Selfserver Deny From右匹配 Mail
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*il.com
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00008
[Tags] Selfserver Deny From完整匹配 Mail
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$jwctest@mail.tsgmail.com
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00008 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00009
[Tags] Selfserver Deny From字串匹配 Mail
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=tsgmail
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00009 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00010
[Tags] Selfserver Deny From左匹配 Mail
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=jwct*
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00010 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00011
[Tags] Selfserver Deny To右匹配 Mail
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*il.com
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00011 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00012
[Tags] Selfserver Mali Deny To完整匹配
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$zmmtest@mail.tsgmail.com
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00012 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00013
[Tags] Selfserver Mali Deny To字串匹配
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=zmmtes
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00013 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["tsgtest@mail.tsgmail.com"]
${密送者} Set Variable ["yyqtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00014
[Tags] Selfserver Mali Deny To左匹配
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=zmmt*
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00014 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00015
[Tags] Selfserver Mali Deny Account右匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*ail.com
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00015 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00016
[Tags] Selfserver Mali Deny Account完整匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$jwctest@mail.tsgmail.com
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00016 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"rst"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00017
[Tags] Selfserver Mali Deny Account字串匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=jwcte
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00017 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Deny-Mail-00018
[Tags] Selfserver Mali Deny Account左匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=jwctest*
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-Mail-00018 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol":"MAIL","method":"drop"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com

213
01-TestCase/tsg_adc/selfserver/Api_Security/Deny_SSL_Tests.robot Normal file
View File

@@ -0,0 +1,213 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-SSL-00001
[Tags] Selfserver Ip Deny Ssl
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-SSL-00002
[Tags] Selfserver Ssl Deny Sni Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Operation timed out after
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-SSL-00003
[Tags] Selfserver Deny Sni Ssl Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Operation timed out after
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-SSL-00004
[Tags] Selfserver Ssl Deny Ip+Fqdn右匹配 Cn
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-SSL-00005
[Tags] Selfserver Deny Cn Ssl Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-SSL-00006
[Tags] Selfserver Ssl Deny Ip+Fqdn右匹配 San
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"rst"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Deny-SSL-00007
[Tags] Selfserver Deny San Ssl Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Allow-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=deny effectiveRange= userRegion={"protocol": "SSL","method":"drop"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

97
01-TestCase/tsg_adc/selfserver/Api_Security/Intercept_Http_Tests.robot Normal file
View File

@@ -0,0 +1,97 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Intercept-Http-00001
[Tags] Selfserver Intercept Ip Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Intercept-Http-00002
[Tags] Selfserver Intercept Http Ip+Cat右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 您可以免费加入成为频道会员
... ELSE Create List 关闭播放器
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Intercept-Http-00003
[Tags] Selfserver Intercept Http Ip+Fqdn完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-HTTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

97
01-TestCase/tsg_adc/selfserver/Api_Security/Intercept_SSL_Tests.robot Normal file
View File

@@ -0,0 +1,97 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Intercept-SSL-00001
[Tags] Selfserver Intercept Ssl Ip
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
@{stringlist} run keyword if '${systemType}'=='Windows' set variable видео Tango Secure Gateway CA
... ELSE set variable рутуб Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Intercept-SSL-00002
[Tags] Selfserver Intercept Ssl Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
@{stringlist} run keyword if '${systemType}'=='Windows' set variable Twitter Tango Secure Gateway CA
... ELSE set variable 新鲜事一网打尽 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Intercept-SSL-00003
[Tags] Selfserver Intercept Ssl Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=intercept effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
@{stringlist} run keyword if '${systemType}'=='Windows' set variable 字节跳动 Tango Secure Gateway CA
... ELSE set variable 字节跳动 Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

64
01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_DNS_Tests.robot Normal file
View File

@@ -0,0 +1,64 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Monitor-DNS-00001
[Tags] Selfserver Monitor Dns Ip+Fqdn右匹配
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*yhd.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=Monitor effectiveRange= userRegion={"protocol": "DNS"} isValid=${1} appObjectIdArray=4 referenceObject=${object_fqdn_Id}|TSG_FIELD_DNS_QNAME
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.yhd.com
... ELSE set variable nslookup -d www.yhd.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List canonical name = www.yhd.com
... ELSE Create List canonical name = www.yhd.com
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname yhd.com
SecurityPolicy-Monitor-DNS-00002
[Tags] Selfserver Monitor Dns Ip+Cat完整匹配
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$www.toutiao.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Deny-DNS-00001 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"DNS"} isValid=${1} appObjectIdArray=4
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable nslookup -d www.toutiao.com
... ELSE set variable nslookup -d www.toutiao.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List canonical name = www.toutiao.com
... ELSE Create List canonical name = www.toutiao.com
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname toutiao.com

124
01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_FTP_Tests.robot Normal file
View File

@@ -0,0 +1,124 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Library Custometest
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Monitor-Ftp-00001
[Tags] Selfserver Ftp Monitor Account字串匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-FTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"FTP"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Monitor-Ftp-00002
[Tags] Selfserver Ftp Monitor Account右匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-FTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"FTP"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Monitor-Ftp-00003
[Tags] Selfserver Ftp Account完整匹配 Monitor
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$ftp_user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-FTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"FTP"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Monitor-Ftp-00004
[Tags] Selfserver Ftp Monitor Account左匹配
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_u*
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-FTP-00004 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"FTP"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_login ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" english
should contain ${FTP} ftp_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user
SecurityPolicy-Monitor-Ftp-00005
[Tags] Selfserver Ftp Account字串 Monitor
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=ftp_user
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-FTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"FTP"} referenceObject=${object_Account_Id}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appObjectIdArray=6
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${FTP} FTP_down ftp://192.168.100.5/test.txt -u"ftp_user:qazXSW@edc" 7 zmmtext123.txt
should contain ${FTP} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ftp_user

648
01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_Http_Tests.robot Normal file
View File

@@ -0,0 +1,648 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Monitor-Http-00001
[Tags] Selfserver Monitor Ip Http
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00001 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0001.bat
... ELSE set variable curl http://open.node.com/test/xiaozhu/xiaozhu.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 酒店式公寓
... ELSE Create List 酒店式公寓
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00002
[Tags] Selfserver Monitor Http Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00002 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 您可以免费加入成为频道会员
... ELSE Create List 关闭播放器
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00003
[Tags] Selfserver Monitor Http Ip+Cat完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00003 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_HTTP_HOST isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00004
[Tags] Selfserver Monitor Http Ip+Url字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open.node.com
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00004 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00005
[Tags] Selfserver Monitor Http Ip+Url右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=*youtube.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00005 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 您可以免费加入成为频道会员
... ELSE Create List 关闭播放器
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00006
[Tags] Selfserver Monitor Http Ip+Url完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=$open.node.com/test/nationalbank/nationalbank.html
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00006 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00007
[Tags] Selfserver Monitor Http Ip+Url左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建url
${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=open*
${rescode} ${object_url_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_url_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00007 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_url_Id}|TSG_FIELD_HTTP_URL isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00008
[Tags] Selfserver Monitor Http Ip+请求头字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Chrome|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00008 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00009
[Tags] Selfserver Monitor Http Ip+请求头右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00009 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00010
[Tags] Selfserver Monitor Http Ip+请求头完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00010 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00011
[Tags] Selfserver Monitor Http Ip+请求头左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建请求头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent
${rescode} ${object_UA_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_UA_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00011 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_UA_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0008.bat
... ELSE set variable curl \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36" --referer 'http://www.baidu.com/' \ http://open.node.com
${stringlist} run keyword if '${systemType}'=='Windows' Create List 发送POST请求
... ELSE Create List 发送POST请求
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00012
[Tags] Selfserver Monitor Http Ip+Cookie子串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=_ym_isad=2|Cookie
${rescode} ${object_CK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_CK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00012 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CK_Id}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0012.bat
... ELSE set variable curl --cookie "*_ga=GA1.2.721078436.1587543528; _gid=GA1.2.916148851.1587543528; _gat=1; _ym_uid=1587543532244912958; _ym_d=1587543532; _ym_isad=2" --referer 'http://www.baidu.com/' \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00013
[Tags] Selfserver Monitor Http Ip+应答头字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=utf-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00013 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00014
[Tags] Selfserver Monitor Http Ip+应答头右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*utf-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00014 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0002.bat
... ELSE set variable curl \ http://open.node.com/test/youtube/youtube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 您可以免费加入成为频道会员
... ELSE Create List 关闭播放器
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00015
[Tags] Selfserver Monitor Http Ip+应答头完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html; charset=UTF-8|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00015 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00016
[Tags] Selfserver Monitor Http Ip+应答头左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建应答头
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text*|Content-Type
${rescode} ${object_CT_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_CT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00016 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_CT_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List ақстан Республ
... ELSE Create List ақстан Республ
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00017
[Tags] Selfserver Monitor Http Ip+Set-Cookie字串匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=4567|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00017 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00018
[Tags] Selfserver Monitor Http Ip+Set-Cookie右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*5678|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00018 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00019
[Tags] Selfserver Monitor Http Ip+Set-Cookie完整匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$12345678|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00019 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00020
[Tags] Selfserver Monitor Http Ip+Set-Cookie左匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建set-cookie
${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=1234*|Set-Cookie
${rescode} ${object_SK_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_SK_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00020 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_SK_Id}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00021
[Tags] Selfserver Monitor Http Ip+请求体
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建请求体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=test
${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_RQ_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00021 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_RQ_Id}|TSG_FIELD_HTTP_REQ_CONTENT isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-HTTP-0017.bat
... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=test&setCookie=12345678&contentType=content-type&resBody=Response Body" http://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List test
... ELSE Create List test
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-Http-00022
[Tags] Selfserver Monitor Http Ip+应答体
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建应答体
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=Ұлттық
${rescode} ${object_RQ_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_RQ_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-HTTP-00022 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "HTTP"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_RQ_Id}|TSG_FIELD_HTTP_RES_CONTENT isValid=${1} appObjectIdArray=2
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-HTTP-0003.bat
... ELSE set variable curl \ http://open.node.com/test/nationalbank/nationalbank.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List nationalbank
... ELSE Create List nationalbank
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

628
01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_MAIL_Tests.robot Normal file
View File

@@ -0,0 +1,628 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
Library Custometest
Resource ../../../../02-Keyword/tsg_common/StmpHandle.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Monitor-Mail-00001
[Tags] Selfserver Subject右匹配 Mail Monitor
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=*test
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00001 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00002
[Tags] Selfserver Mali Subject完整匹配 Monitor
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=$你好明天
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00002 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00003
[Tags] Selfserver Mali Subject字串匹配 Monitor
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=стопо
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00003 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00004
[Tags] Selfserver Subject左匹配 Mail Monitor
Comment 创建Subject
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=zxcv*
${rescode} ${object_Subject_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Subject_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00004 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Subject_Id}|TSG_FIELD_MAIL_SUBJECT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00005
[Tags] Selfserver Content字串匹配 Mail Monitor
Comment 创建Content
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=стопо
${rescode} ${object_Content_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Content_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00005 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Content_Id}|TSG_FIELD_MAIL_CONTENT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123123132
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable Простопорно
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00006
[Tags] Selfserver ATT_CONT字串匹配 Monitor Mail
Comment 创建ATT_CONT
${objectDict} Create Dictionary objectType=keywords isValid=${1} addItemList=стопо
${rescode} ${object_ATT_CONT_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_ATT_CONT_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00006 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_ATT_CONT_Id}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/姬巍川测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00007
[Tags] Selfserver Mali From右匹配 Monitor
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*il.com
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00007 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00008
[Tags] Selfserver From完整匹配 Monitor Mail
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$jwctest@mail.tsgmail.com
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00008 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00009
[Tags] Selfserver From字串匹配 Mail Monitor
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=tsgmail
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00009 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00010
[Tags] Selfserver From左匹配 Mail Monitor
Comment 创建From
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=jwct*
${rescode} ${object_From_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_From_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00010 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_From_Id}|TSG_FIELD_MAIL_FROM isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00011
[Tags] Selfserver To右匹配 Mail Monitor
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*il.com
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00011 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00012
[Tags] Selfserver To完整匹配 Monitor Mail
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$zmmtest@mail.tsgmail.com
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00012 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00013
[Tags] Selfserver To字串匹配 Monitor Mail
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=zmmtes
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00013 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["tsgtest@mail.tsgmail.com"]
${密送者} Set Variable ["yyqtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00014
[Tags] Selfserver To左匹配 Mail Monitor
Comment 创建To
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=zmmt*
${rescode} ${object_To_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_To_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00014 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_To_Id}|TSG_FIELD_MAIL_TO isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00015
[Tags] Selfserver Account右匹配 Mail monitor
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=*ail.com
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00015 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 123test
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00016
[Tags] Selfserver Account完整匹配 Mail Monitor
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=$jwctest@mail.tsgmail.com
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00016 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable 你好明天
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00017
[Tags] Selfserver Account字串匹配 Monitor Mail
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=jwcte
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-Mail-00017 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable Простопорно
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com
SecurityPolicy-Monitor-Mail-00018
[Tags] Selfserver Account左匹配 Monitor Mail
Comment 创建Account
${objectDict} Create Dictionary objectType=account isValid=${1} addItemList=jwctest*
${rescode} ${object_Account_Id} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${object_Account_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-monitor-Mail-00018 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"MAIL"} referenceObject=${object_Account_Id}|TSG_FIELD_MAIL_ACCOUNT isValid=${1} appObjectIdArray=5
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable jwctest@mail.tsgmail.com
${邮箱密码} Set Variable jwctest
${邮件主题} Set Variable zxcvbnm
${发送者} Set Variable jwctest@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["zmmtest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明content
${发送邮件返回结果} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
Log ${发送邮件返回结果}
should contain ${发送邮件返回结果} mail_success
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_account jwctest@mail.tsgmail.com

213
01-TestCase/tsg_adc/selfserver/Api_Security/Monitor_SSL_Tests.robot Normal file
View File

@@ -0,0 +1,213 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Security_Policy
Library OperatingSystem
Resource ../../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../../02-Keyword/tsg_bfapi/ApiRequest.robot
Resource ../../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Monitor-SSL-00001
[Tags] Selfserver Monitor Ip Ssl
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00001 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0001.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/rutube/rutube.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List видео
... ELSE Create List рутуб
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-SSL-00002
[Tags] Selfserver Monitor Ssl Sni Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00002 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Twitter
... ELSE Create List 新鲜事一网打尽
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-SSL-00003
[Tags] Selfserver Monitor Ssl Ip+Cat完整匹配 Sni
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00003 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SNI isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动
... ELSE Create List 字节跳动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-SSL-00004
[Tags] Selfserver SSL Monitor Cn Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00004 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Twitter
... ELSE Create List 新鲜事一网打尽
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-SSL-00005
[Tags] Selfserver Monitor Ssl Ip+Cat完整匹配 Cn
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00005 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_CN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动
... ELSE Create List 字节跳动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-SSL-00006
[Tags] Selfserver Monitor Ssl San Ip+Fqdn右匹配
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建fqdn
${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00006 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol":"SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0002.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/twitter/twitter.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List Twitter
... ELSE Create List 新鲜事一网打尽
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
SecurityPolicy-Monitor-SSL-00007
[Tags] Selfserver Monitor Ssl Ip+Cat完整匹配 San
Comment 创建目标IP
${objectDict} Create Dictionary objectType=ip isValid=${1} addItemList=CIDR|192.168.100.5|32|0/0
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId}
Comment 创建cat
${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=$open.node.com
${rescode} ${object_fqdn_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectId} ${object_fqdn_Id}
Comment 创建安全策略
${policyDict} Create Dictionary policyName=SecurityPolicy-Monitor-SSL-00007 policyType=tsg_security policyDesc=autotest userTags= action=monitor effectiveRange= userRegion={"protocol": "SSL"} referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_fqdn_Id}|TSG_FIELD_SSL_SAN isValid=${1} appObjectIdArray=3
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
#删除策略
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Intercept-SSL-0003.bat
... ELSE set variable curl \ -kv \ https://open.node.com/test/bytedance/bytedance.html
${stringlist} run keyword if '${systemType}'=='Windows' Create List 字节跳动
... ELSE Create List 字节跳动
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com

133
01-TestCase/tsg_adc/selfserver/SelfServerDenyAllTests.robot Normal file
View File

@@ -0,0 +1,133 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security all_protol
Library OperatingSystem
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/PolicyObjectDefault.txt
Resource ../../../02-Keyword/tsg_common/StmpHandle.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Library Custometest
Library json
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
SelfServerSecurityPolicy-Deny-AllProtol-00001
[Tags] securitypolciy deny allprotol selfserver
${caseName} set variable SelfServerSecurityPolicy-Deny-AllProtol-00001
# 创建对象-IP
# addItemList全参数为方便说明将参数值拆分为几部分其实际值为单条无空格/回车字符串,每部分内代表的各参数不可跳跃。)
# [addrType]|[protocol]|[direction]|[isSession]# 第一部分(可省略)
# [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]& 第二部分(不可省略)
# [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]| 第三部分(可省略)
# [isInitialize]|[itemName]|[itemDesc], 第四部分(可省略)
# ...
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=${Default_IsValid}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建安全策略针对所有协议相当于BlackIP
${policyDict} Create Dictionary
... policyName=${caseName}_IPobject
... policyType=${tsg_security}
... policyDesc=${Default_PolicyDesc}
... action=deny
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"rst"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
... isValid=${Default_IsValid}
... appObjectIdArray=${Default_AppObjectIdArray}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
#默认客户端条件类型clientip or clientsubid ${Default_Client_Type}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
Comment 功能端验证HTTP验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_HTTP.bat
... ELSE set variable curl -kv http://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
... ELSE Create List Connection reset by peer
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat
... ELSE set variable curl -kv https://open.node.com/
${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset
#OpenSSL SSL_connect: Connection was reset in connection to
#Send failure: Connection was reset
... ELSE Create List OpenSSL SSL_connect: Connection reset by peer in connection to
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
Comment 功能端验证DNS验证
Comment 功能端验证MAIL验证
${starttime} Get Time
#${mail} EmailLogin mail.tsgmail.com 25 dongxiaoyan@mail.tsgmail.com dxy123
${starttime} Get Time
${Smtp服务器} Set Variable 192.168.100.5
${Smtp服务器端口} Set Variable 25
${邮箱账号} Set Variable dongxiaoyan@mail.tsgmail.com
${邮箱密码} Set Variable dxy123
${邮件主题} Set Variable что- иностранныеsuject
${发送者} Set Variable dongxiaoyan@mail.tsgmail.com
${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"]
${接收者} Set Variable ["jwctest@mail.tsgmail.com"]
${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"]
${密送者} Set Variable ["lyftest@mail.tsgmail.com"]
${邮件正文} Set Variable 朱明明contentчто-иностранныеsuject
${mail} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件}
should contain ${mail} mail_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_protocol_type SMTP
Comment 功能端验证FTP验证
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${ftpLogin} FTP_login ftp://192.168.100.5:21 -u"ftp_user:qazXSW@edc" test.txt
should contain ${ftpLogin} ftp_fail
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account ''
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}

137
01-TestCase/tsg_adc/test_demo/AllFlowDemo.robot Normal file
View File

@@ -0,0 +1,137 @@
*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags tsg_adc Demo
Library OperatingSystem
Library json
Library Collections
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../03-Variable/AllFlowCaseVariable.txt
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Keywords ***
create-object-policy
[Arguments] @{flag}
#创建对象
${rescode} ${objectId} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"SecurityPolicy-HTTPS-Intecept-Demo001dxytest_fqdn_baidu", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"SecurityPolicy-HTTPS-Intecept-Demo001dxytest_fqdn_baidu", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*baidu.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${objectId}
${objectids} set Variable ${objectId}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo001","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${objectId},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo001","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"protocol_errors":0,"cert_pinning":0},"certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":0},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_SSL_SNI"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[3]}}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
log ${rescode}
log ${policyId}
# 区分执行方式
${value} Run Keyword If ${flag}==[] insert_policyId_to_file SecurityPolicy-SSL-Intecept-Demo001 ${policyId} ${objectids}
... ELSE Create Dictionary policyId=${policyId} objectId=${objectids}
Set Test Variable ${dict} ${value}
function-test
# 功能端验证
@{stringlist} set variable CN=Tango Secure Gateway CA Content-Type: text/html value=百度一下
${starttime} Get Time
log ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat
FOR ${var} IN @{stringlist}
log ${var}
Should Contain ${commandreturn} ${var}
END
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
# 区分执行方式
Run Keyword If ${dict}==${None} insert_time_to_file SecurityPolicy-SSL-Intecept-Demo001 ${starttime} ${endtime}
... ELSE Run Keyword Set To Dictionary ${dict} starttime=${starttime} endtime=${endtime}
log-test
# 日志验证
${obj} Run Keyword If ${dict}==${None} json.Loads ${SecurityPolicy-SSL-Intecept-Demo001}
... ELSE Set Variable ${dict}
${policyId} Set Variable ${obj}[policyId]
${s} Convert to String ${policyId}
GetLogList security_event_log ${obj}[starttime] ${obj}[endtime] ${testClentIP} ${s} ssl_sni baidu.com
# 清理测试数据
#${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
# DeletePolicyAndObject ${policyIds} ${obj}[objectId]
*** Test Cases ***
SecurityPolicy-DNS-Deny-Redrict-Demo001
[Tags] SecurityPolciy DNS DENY Redirect
#登录 放到setup
#Login
#创建对象fqdn
${rescode} ${objectId} AddObject { \ \ \ \ "opAction":"add", \ \ \ \ "returnData":1, \ \ \ \ "objectList":[ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ "objectType":"fqdn", \ \ \ \ \ \ \ \ \ \ \ \ "objectName":"SecurityPolicy-DNS-Deny-Redrict-Demo001dxytest_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "objectDesc":"dxytest_fqdn_jd", \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0, \ \ \ \ \ \ \ \ \ \ \ \ "isExclusion":0, \ \ \ \ \ \ \ \ \ \ \ \ "subObjectIds":[], \ \ \ \ \ \ \ \ \ \ \ \ "addItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ { \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemName":"item name", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "itemDesc":"item description", \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "keywordArray":[ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "*jd.com" \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isHexbin":0, \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ "isInitialize":0 \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ } \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "updateItemList":[ \ \ \ \ \ \ \ \ \ \ \ \ ], \ \ \ \ \ \ \ \ \ \ \ \ "deleteItemIds":[ \ \ \ \ \ \ \ \ \ \ \ \ ] \ \ \ \ \ \ \ \ } \ \ \ \ ] }
log ${objectId}
${objectids} set Variable ${objectId}
#多个id拼接
#${objectids} Catenate SEPARATOR=, ${objectids} ${objectId}
#${objectids} set Variable ${objectId}
#Catenate SEPARATOR=,
#添加策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.autotest1A.com","ttl":{"min":30,"max":30}},{"atype":"A","value":"1.1.1.1","ttl":{"min":30,"max":30}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.autotest4A.com","ttl":{"min":40,"max":40}},{"atype":"AAAA","value":"f::a","ttl":{"min":40,"max":40}}]}]},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}]}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":[{"policyId":"","policyName":"SecurityPolicy-DNS-Deny-Redrict-Demo001","policyType":"tsg_security","action":"deny","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"autotest","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"DNS","method":"redirect","resolution":[{"qtype":"A","answer":[{"atype":"CNAME","value":"www.autotest1A.com","ttl":{"min":30,"max":30}},{"atype":"A","value":"1.1.1.1","ttl":{"min":30,"max":30}}]},{"qtype":"AAAA","answer":[{"atype":"CNAME","value":"www.autotest4A.com","ttl":{"min":40,"max":40}},{"atype":"AAAA","value":"f::a","ttl":{"min":40,"max":40}}]}]},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":${objectId},"protocolFields":["TSG_FIELD_DNS_QNAME"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[4]}]}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
log ${policyId}
#Integer ${rescode} 200
#目前只有一个所以无拼接
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#注意如果时多个policyId或者多个ObjectID需要拼接成,号分割的串,或者拼在下面即可
#功能端验证
${commandstr} set variable nslookup -d www.jd.com
@{stringlist} set variable canonical name = www.autotest1A.com ttl = 30 (30 secs) internet address = 1.1.1.1 canonical name = www.autotest4A.com ttl = 40 (40 secs) AAAA IPv6 address = f::a
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommand ${commandstr} @{stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
log ${rescode}
${s} Convert to String ${policyId}
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} dns_qname www.jd.com
SecurityPolicy-SSL-Intecept-Demo001
[Tags] SecurityPolciy SSL Intercept HTTPS
Run Keyword If '${testPart}'=='all' Run Keywords create-object-policy True
... AND function-test
... AND log-test
... ELSE IF ${testPart}==1 Run Keyword create-object-policy
... ELSE IF ${testPart}==2 Run Keyword function-test
... ELSE IF ${testPart}==3 Run Keyword log-test
SecurityPolicy-SSL-Intecept-Demo002
[Tags] SecurityPolciy SSL Intercept HTTPS HTTP-SSL
#因为只选择app协议时要求选择IP所有如果测试机IP不是默认对象时需要添加测试机ip作为条件
${localIP} set variable {"opAction":"add","returnData":1,"objectList":{"objectType":"ip","objectSubType":"endpoint","isValid":1,"isInitialize":0,"isExclusion":0,"objectName":"autotestLocalIPObject_SecurityPolicy-SSL-Intecept-Demo002","objectDesc":"LocalIPObject_SecurityPolicy-SSL-Intecept-Demo002自动化测试机IP","subObjectIds":[],"addItemList":[{"addrType":4,"protocol":0,"direction":0,"isSession":"endpoint","clientIp1":"${testClentIP}","clientIp2":"${testClentIP}","clientIpFormat":"range","clientPortFormat":"range","clientPort1":0,"clientPort2":0,"serverIpFormat":"range","serverIp1":"","serverIp2":"","serverPortFormat":"range","serverPort1":0,"serverPort2":0}],"updateItemList":[],"deleteItemIds":[]}}
${rescodeip} ${objidip} AddObject ${localIP}
${objectids} set Variable ${objidip}
#创建策略
${addPolicyStr} set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo002","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${objidip},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2,3]}}
${addPolicyStr} run keyword if '${addTestClentIPFlag}'=='1' set variable {"opAction":"add","returnData":1,"policyList":{"policyId":"","policyName":"SecurityPolicy-SSL-Intecept-Demo002","policyType":"tsg_security","action":"intercept","userTags":"${userTagIds}","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":${testClentID},"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]}],"isValid":1,"scheduleId":[],"appObjectIdArray":[2,3]}}
${rescode} ${policyId} AddPolicy ${addPolicyStr}
#功能端验证
# 区分执行方式
@{stringlist} set variable CN=Tango Secure Gateway CA Content-Type: text/html value=百度一下
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${commandreturn} OperatingSystem.Run ${curlbatpath}/SecurityPolicy-SSL-Intecept-Demo001.bat
FOR ${var} IN @{stringlist}
log ${var}
Should Contain ${commandreturn} ${var}
END
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
# 区分执行方式
# 日志验证
${s} Convert to String ${policyId}
GetLogList security_event_log ${obj}[starttime] ${obj}[endtime] ${testClentIP} ${s} ssl_sni baidu.com
# 清理测试数据
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}

0
01-TestCase/tsg_bfapi/active_defence_event_log/.gitkeep Normal file
View File

362
01-TestCase/tsg_bfapi/active_defence_event_log/Log-count.robot Normal file
View File

@@ -0,0 +1,362 @@
*** Settings ***
Force Tags api api-log api-log-active_defence_event_log api-log-active_defence_event_log-count
Resource ../../../02-Keyword/tsg_bfapi/Log_keyword.robot
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Library OperatingSystem
Library Selenium2Library
Library RequestsLibrary
Library Collections
Library string
Library REST http://${host}:${port}/${version}
Library json
*** Test Cases ***
CountLog-001
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"sub", "value":["22"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-002
${condition} Set Variable []
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-003
${condition} Set Variable {"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-004
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"=", "value":["2020-04-27 12:48:33"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-005
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"=", "value":["774"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-006
${condition} Set Variable { "field":"ad_cc_target_url", "type":"string", "symbol":"sub", "value":["www.jianshu.com"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-007
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"exactly", "value":["10.3.22.222"] },{"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] },{ "field":"common_recv_time", "type":"timestamp", "symbol":"=", "value":["2020-04-27 13:27:02"] },{ "field":"common_policy_id", "type":"int", "symbol":"=", "value":["95"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","condaiapi-logaa tions":[${condition}]}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-008
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"prefix", "value":["10"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-009
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"suffix", "value":["222"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-010
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"exactly", "value":["10.3.22.222"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-011
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "value":["10"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-012
${condition} Set Variable { "field":"ad_target_ip", "type":"string", "value":["10"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-013
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"!=", "value":["774"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-014
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"!=", "value":["774"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-015
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"<", "value":["774"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-016
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"<=", "value":["774"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-017
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":">=", "value":["774"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-018
${condition} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"in", "value":["774","95"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-019
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "value":["2020-04-27 12:48:33"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-020
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":">", "value":["2020-04-27 12:48:33"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-021
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"<", "value":["2020-04-27 12:48:33"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-022
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"<=", "value":["2020-04-27 12:48:33"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-023
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":">=", "value":["2020-04-27 12:48:33"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-024
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"between", "value":["2020-04-27 12:48:33","2020-04-27 13:27:03"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]
CountLog-025
${condition} Set Variable { "field":"common_recv_time", "type":"timestamp", "value":["2020-04-27 12:48:33","2020-04-27 13:27:03"] }
${pageSize} Set Variable 30
${pageNo} Set Variable 1
${starttime} Set Variable 2020-04-26 12:27:03
${endtime} Set Variable 2020-04-27 13:27:03
${logname} Set Variable active_defence_event_log
${logCondition} Set Variable {"pageNo":${pageNo},"pageSize":${pageSize},"logType":"${logname}","start_common_recv_time":"${startTime}","end_common_recv_time":"${endTime}","conditions":${condition}}
${url} Set Variable log/count
${response} Post-Request ${url} ${logCondition}
${responsejson} Evaluate type($response)
Should Be Equal As Strings ${response}[code] 200
log ${response}[data][total]

285
01-TestCase/tsg_bfapi/active_defence_event_log/Log_batch.robot Normal file
View File

@@ -0,0 +1,285 @@
*** Settings ***
Force Tags api api-log api-log-active_defence_event_log api-log-active_defence_event_log-batch
Library downloadexcel.py
Resource ../../../02-Keyword/tsg_bfapi/Log_keyword.robot
*** Variables ***
@{logType} security_event_log proxy_event_log connection_record_log radius_record_log
*** Test Cases ***
ExportLog-001
${conditions} Set Variable {"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-002
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"=", "value":["2020-04-27 12:48:33"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-003
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"=", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-004
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"=", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-005
${conditions} Set Variable { "field":"ad_cc_target_url", "type":"string", "symbol":"sub", "value":["www.jianshu.com"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-006
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"sub", "value":["22"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-007
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"exactly", "value":["10.3.22.222"] },{"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] },{ "field":"common_recv_time", "type":"timestamp", "symbol":"=", "value":["2020-04-27 13:27:02"] },{ "field":"common_policy_id", "type":"int", "symbol":"=", "value":["95"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... [${conditions}]
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-008
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"prefix", "value":["10"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-009
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"suffix", "value":["222"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-010
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"exactly", "value":["10.3.22.222"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-011
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "value":["10"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-012
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-013
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"!=", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-014
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":">", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-015
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"<", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-016
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"<=", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-017
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":">=", "value":["774"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-018
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"in", "value":["774","95"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-019
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "value":["2020-04-27 12:48:33"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-020
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":">", "value":["2020-04-27 12:48:33"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-021
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"<", "value":["2020-04-27 12:48:33"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-022
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"<=", "value":["2020-04-27 12:48:33"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-023
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":">=", "value":["2020-04-27 12:48:33"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-024
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"between", "value":["2020-04-27 12:48:33","2020-04-27 13:27:03"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
ExportLog-025
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "value":["2020-04-27 12:48:33","2020-04-27 13:27:03"] }
${logname} Set Variable active_defence_event_log
${logCondition} GetLogCondition ${logname} 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
log ${logCondition}
${header} Create Dictionary Content-Type=application/json Authorization=${token}
${success} downloadexcel ${header} ${logCondition} http://${host}:${port}/${version}/log/batch
log ${success}
Should Be Equal ${success} ${200} active_defence_event_log\ test query export failed
*** Keywords ***

310
01-TestCase/tsg_bfapi/active_defence_event_log/Log_search.robot Normal file
View File

@@ -0,0 +1,310 @@
*** Settings ***
Force Tags api api-log api-log-active_defence_event_log api-log-active_defence_event_log-search
Library OperatingSystem
Library Selenium2Library
Library RequestsLibrary
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Log_schema.robot
Resource ../../../02-Keyword/tsg_bfapi/Log_search.robot
Library string
Library REST http://${host}:${port}/${version}
Resource ../../../02-Keyword/tsg_bfapi/Log_keyword.robot
*** Test Cases ***
log-schema-001
${filds} schema
log ${filds}
log-search-002
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} []
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-003
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable {"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${logid} Set Variable ${responselist}[0][common_log_id]
Should Be Equal As Strings ${logid} 59526984506148866
log-search-004
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"=", "value":["2020-04-27 12:48:33"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${time} Set Variable ${responselist}[0][common_recv_time]
Should Be Equal As Strings ${time} 2020-04-27 12:48:33
log-search-005
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"=", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${policyid} Set Variable ${responselist}[0][common_policy_id]
Should Be Equal As Strings ${policyid} 774
log-search-006
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"ad_cc_target_url", "type":"string", "symbol":"sub", "value":["www.jianshu.com"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
log ${responselist}
should be empty ${responselist}
log-search-007
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"sub", "value":["22"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${ip} Set Variable ${responselist}[0][ad_target_ip]
should contain ${ip} 22
log-search-008
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"prefix", "value":["10"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${ip} Set Variable ${responselist}[0][ad_target_ip]
should contain ${ip} 10
log-search-009
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"suffix", "value":["222"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${ip} Set Variable ${responselist}[0][ad_target_ip]
should contain ${ip} 222
log-search-010
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"exactly", "value":["10.3.22.222"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${ip} Set Variable ${responselist}[0][ad_target_ip]
Should Be Equal As Strings ${ip} 10.3.22.222
log-search-011
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"ad_target_ip", "type":"string", "symbol":"exactly", "value":["10.3.22.222"] },{"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] },{ "field":"common_recv_time", "type":"timestamp", "symbol":"=", "value":["2020-04-27 13:27:02"] },{ "field":"common_policy_id", "type":"int", "symbol":"=", "value":["95"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${ip} Set Variable ${responselist}[0][ad_target_ip]
Should Be Equal As Strings ${ip} 10.3.22.222
${time} Set Variable ${responselist}[0][common_recv_time]
Should Be Equal As Strings ${time} 2020-04-27 13:27:02
${logid} Set Variable ${responselist}[0][common_log_id]
Should Be Equal As Strings ${logid} 59526984506148866
${policyid} Set Variable ${responselist}[0][common_policy_id]
Should Be Equal As Strings ${policyid} 95
log-search-012
${conditions} Set Variable {"field":"common_log_id","type":"long","symbol":"=","value":["59526984506148866"] }
${simpleCondition} Set Variable "common_server_ips": "40"
${logCondition} GetLogCondition active_defence_event_log 2020-04-26 12:27:03 2020-04-27 13:27:03 30 1
... ${conditions}
${response} BasePostRequest v1/log/list ${logCondition}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${logid} Set Variable ${responselist}[0][common_log_id]
Should Be Equal As Strings ${logid} 59526984506148866
log-search-013
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${policyid} Set Variable ${responselist}[0][common_policy_id]
Should Be Equal As Strings ${policyid} 774
log-search-014
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"!=", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-015
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":">", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-016
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"<", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-017
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"<=", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-018
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":">=", "value":["774"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-019
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_policy_id", "type":"int", "symbol":"in", "value":["774","95"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} ${conditions}
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-020
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "value":["2020-04-27 12:48:33"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${time} Set Variable ${responselist}[0][common_recv_time]
Should Be Equal As Strings ${time} 2020-04-27 12:48:33
log-search-021
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":">", "value":["2020-04-27 12:48:33"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-022
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"<", "value":["2020-04-27 12:48:33"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-023
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"<=", "value":["2020-04-27 12:48:33"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
${responsedata} Get From Dictionary ${response} data
log ${responsedata}
${responselist} Get From Dictionary ${responsedata} list
${time} Set Variable ${responselist}[0][common_recv_time]
Should Be Equal As Strings ${time} 2020-04-27 12:48:33
log-search-024
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":">=", "value":["2020-04-27 12:48:33"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-025
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "symbol":"between", "value":["2020-04-27 12:48:33","2020-04-27 13:27:03"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200
log-search-026
#${filds} schema
${responsedata} Get-Request log/schema?logType=active_defence_event_log
${filds} Set Variable ${responsedata['data']['fields']}
${conditions} Set Variable { "field":"common_recv_time", "type":"timestamp", "value":["2020-04-27 12:48:33","2020-04-27 13:27:03"] }
${response} log_search 2020-04-26 12:27:03 2020-04-27 13:27:03 active_defence_event_log ${filds} [${conditions}]
log ${response}
Should Be Equal As Strings ${response.code} 200

BIN
01-TestCase/tsg_bfapi/active_defence_event_log/__pycache__/downloadexcel.cpython-36.pyc Normal file
View File

Binary file not shown.

BIN
01-TestCase/tsg_bfapi/active_defence_event_log/__pycache__/downloadexcel.cpython-37.pyc Normal file
View File

Binary file not shown.

14
01-TestCase/tsg_bfapi/active_defence_event_log/downloadexcel.py Normal file
View File

@@ -0,0 +1,14 @@
import requests
def downloadexcel(headers,data,url):
response = requests.post(url, headers=headers, data=data)
if response.status_code == 200:
with open("active_defence_event_log"+".xlsx", "wb") as code:
code.write(response.content)
return 200;
else:
print('导出失败'+response.content)
return 500;
if __name__ == '__main__':
downloadexcel(header,data,url)

105
01-TestCase/tsg_bfapi/api_log/LogStatistics-Country.robot Normal file
View File

@@ -0,0 +1,105 @@
*** Settings ***
Resource ../../../02-Keyword/tsg_bfapi/LogStatistics.robot
Library DateTime
*** Test Cases ***
Statistics-Country-00001
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable country
#请求地址 例如:/report/domain/recommend
${url} set variable /report/country/sourceipnum
#开始时间格式Y-M-D h:i:s
${startTime} set variable 2020-4-11 13:36:35.000
#结束时间格式Y-M-D h:i:s
${endTime} set variable 2020-4-30 13:36:35.000
#limit int型
${limit} set variable 50
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} limit=${limit}
Statistics-Country-00002
#最近一小时
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable country
#请求地址 例如:/report/domain/recommend
${url} set variable /report/country/sourceipnum
#开始时间
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -01:00:00
#limit int型
${limit} set variable 50
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} limit=${limit}
Statistics-Country-00003
#最近一天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable country
#请求地址 例如:/report/domain/recommend
${url} set variable /report/country/sourceipnum
#开始时间
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
#结束时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -1 days
log ${endTime}
log ${startTime}
#limit int型
${limit} set variable 50
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} limit=${limit}
Statistics-Country-00004
#最近一周
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable country
#请求地址 例如:/report/domain/recommend
${url} set variable /report/country/sourceipnum
#开始时间
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
#结束时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -7 days
log ${endTime}
log ${startTime}
#limit int型
${limit} set variable 50
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} limit=${limit}
Statistics-Country-00005
#最近一个月30天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable country
#请求地址 例如:/report/domain/recommend
${url} set variable /report/country/sourceipnum
#开始时间
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
#结束时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -30 days
log ${endTime}
log ${startTime}
#limit int型
${limit} set variable 50
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} limit=${limit}
Statistics-Country-00006
#最近一年365天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable country
#请求地址 例如:/report/domain/recommend
${url} set variable /report/country/sourceipnum
#开始时间
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
#结束时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -365 days
log ${endTime}
log ${startTime}
#limit int型
${limit} set variable 50
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} limit=${limit}

12
01-TestCase/tsg_bfapi/api_log/LogStatistics-domain.robot Normal file
View File

@@ -0,0 +1,12 @@
*** Settings ***
Resource ../../../02-Keyword/tsg_bfapi/LogStatistics.robot
*** Test Cases ***
Statistics-domain-00001
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/domain/recommend
# \ 统计时间, \ 查询最近24小时数据例如当前时间为2020-03-26 15:14:00, 查询时间应设为推前1小时的整点实际传入参数为 "2020-03-26 14:00:00"
${statisticTime} set variable 2020-04-26 23:00:00
GetApi ${apiName} ${url} statisticTime=${statisticTime}

102
01-TestCase/tsg_bfapi/api_log/LogStatistics-hijack_srcip_location.robot Normal file
View File

@@ -0,0 +1,102 @@
*** Settings ***
Resource ../../../02-Keyword/tsg_bfapi/LogStatistics.robot
Library DateTime
*** Test Cases ***
Statistics-hijack_srcip_location-00001
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable hijack_srcip_location
#请求地址 例如:/report/domain/recommend
${url} set variable /report/hijack_srcip_location
#开始时间格式Y-M-D h:i:s
${startTime} set variable 2020-04-01 16:43:48
#结束时间格式Y-M-D h:i:s
${endTime} set variable 2020-04-26 16:40:01
#策略ID
${policy_id} set variable 0
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} policy_id=${policy_id}
Statistics-hijack_srcip_location-00002
#最近一小时
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable hijack_srcip_location
#请求地址 例如:/report/domain/recommend
${url} set variable /report/hijack_srcip_location
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -01:00:00
${startTime} Get Substring ${startTime} \ -4
#策略ID
${policy_id} set variable 0
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} policy_id=${policy_id}
Statistics-hijack_srcip_location-00003
#最近一天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable hijack_srcip_location
#请求地址 例如:/report/domain/recommend
${url} set variable /report/hijack_srcip_location
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#结束时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -1 days
${startTime} Get Substring ${startTime} \ -4
#策略ID
${policy_id} set variable 0
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} policy_id=${policy_id}
Statistics-hijack_srcip_location-00004
#最近一周
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable hijack_srcip_location
#请求地址 例如:/report/domain/recommend
${url} set variable /report/hijack_srcip_location
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -7 days
${startTime} Get Substring ${startTime} \ -4
#策略ID
${policy_id} set variable 0
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} policy_id=${policy_id}
Statistics-hijack_srcip_location-00005
#最近一个月30天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable hijack_srcip_location
#请求地址 例如:/report/domain/recommend
${url} set variable /report/hijack_srcip_location
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -30 days
${startTime} Get Substring ${startTime} \ -4
#策略ID
${policy_id} set variable 0
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} policy_id=${policy_id}
Statistics-hijack_srcip_location-00006
#最近一年365天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable hijack_srcip_location
#请求地址 例如:/report/domain/recommend
${url} set variable /report/hijack_srcip_location
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -365 days
${startTime} Get Substring ${startTime} \ -4
#策略ID
${policy_id} set variable 0
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} policy_id=${policy_id}

113
01-TestCase/tsg_bfapi/api_log/LogStatistics-ip_correlation_domain.robot Normal file
View File

@@ -0,0 +1,113 @@
*** Settings ***
Resource ../../../02-Keyword/tsg_bfapi/LogStatistics.robot
Library DateTime
*** Test Cases ***
Statistics-ip_correlation_domain-00001
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#开始时间格式Y-M-D h:i:s
${startTime} set variable 2020-04-01 16:05:04
#结束时间格式Y-M-D h:i:s
${endTime} set variable 2020-04-28 16:05:11
#IP
${ip} set variable 04.194.66.194
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} ip=${ip}
Statistics-ip_correlation_domain-00002
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#开始时间格式Y-M-D h:i:s
${startTime} set variable 2020-04-01 16:05:04
#结束时间格式Y-M-D h:i:s
${endTime} set variable 2020-04-28 16:05:11
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime}
Statistics-ip_correlation_domain-00003
#最近一小时
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -01:00:00
${startTime} Get Substring ${startTime} \ -4
#IP
${ip} set variable 04.194.66.194
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} ip=${ip}
Statistics-ip_correlation_domain-00004
#最近一天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -1 days
${startTime} Get Substring ${startTime} \ -4
#IP
${ip} set variable 04.194.66.194
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} ip=${ip}
Statistics-ip_correlation_domain-00005
#最近一周7天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -7 days
${startTime} Get Substring ${startTime} \ -4
#IP
${ip} set variable 04.194.66.194
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} ip=${ip}
Statistics-ip_correlation_domain-00006
#最近一个月30天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -30 days
${startTime} Get Substring ${startTime} \ -4
#IP
${ip} set variable 04.194.66.194
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} ip=${ip}
Statistics-ip_correlation_domain-00007
#最近一年
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable ip_correlation_domain
#请求地址 例如:/report/domain/recommend
${url} set variable /report/ip_correlation_domain
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -365 days
${startTime} Get Substring ${startTime} \ -4
#IP
${ip} set variable 04.194.66.194
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} ip=${ip}

130
01-TestCase/tsg_bfapi/api_log/LogStatistics-traffic.robot Normal file
View File

@@ -0,0 +1,130 @@
*** Settings ***
Resource ../../../02-Keyword/tsg_bfapi/LogStatistics.robot
Library DateTime
*** Test Cases ***
Statistics-traffic-00001
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#统计类型: bytes字节数 packets包数 sessions连接数 如不指定,则统计全部 statisticsUnit=${statisticUnit}
${statisticUnit} set variable bytes
#开始时间格式Y-M-D h:i:s
${startTime} set variable 2020-04-01 13:36:35
#结束时间格式Y-M-D h:i:s
${endTime} set variable 2020-04-28 16:04:56
#统计粒度单位秒仅用于趋势查询sql 缺省为30秒
${timeGranularity} set variable 70
${limit} set variable 1
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} timeGranularity=${timeGranularity} limit=${limit} statisticsUnit=${statisticUnit}
Statistics-traffic-00002
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#开始时间格式Y-M-D h:i:s
${startTime} set variable 2020-04-26 13:36:35
${endTime} set variable 2020-04-26 23:04:56
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime}
Statistics-traffic-00003
#最近一小时
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#统计类型: bytes字节数 packets包数 sessions连接数 如不指定,则统计全部 statisticsUnit=${statisticUnit}
${statisticUnit} set variable bytes
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -01:00:00
${startTime} Get Substring ${startTime} \ -4
#统计粒度单位秒仅用于趋势查询sql 缺省为30秒
${timeGranularity} set variable 70
${limit} set variable 1
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} timeGranularity=${timeGranularity} limit=${limit} statisticsUnit=${statisticUnit}
Statistics-traffic-00004
#最近一天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#统计类型: bytes字节数 packets包数 sessions连接数 如不指定,则统计全部 statisticsUnit=${statisticUnit}
${statisticUnit} set variable bytes
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -1 days
${startTime} Get Substring ${startTime} \ -4
#统计粒度单位秒仅用于趋势查询sql 缺省为30秒
${timeGranularity} set variable 70
${limit} set variable 1
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} timeGranularity=${timeGranularity} limit=${limit} statisticsUnit=${statisticUnit}
Statistics-traffic-00005
#最近一周7天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#统计类型: bytes字节数 packets包数 sessions连接数 如不指定,则统计全部 statisticsUnit=${statisticUnit}
${statisticUnit} set variable bytes
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -7 days
${startTime} Get Substring ${startTime} \ -4
#统计粒度单位秒仅用于趋势查询sql 缺省为30秒
${timeGranularity} set variable 70
${limit} set variable 1
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} timeGranularity=${timeGranularity} limit=${limit} statisticsUnit=${statisticUnit}
Statistics-traffic-00006
#最近一个月30天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#统计类型: bytes字节数 packets包数 sessions连接数 如不指定,则统计全部 statisticsUnit=${statisticUnit}
${statisticUnit} set variable bytes
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -30 days
${startTime} Get Substring ${startTime} \ -4
#统计粒度单位秒仅用于趋势查询sql 缺省为30秒
${timeGranularity} set variable 70
${limit} set variable 1
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} timeGranularity=${timeGranularity} limit=${limit} statisticsUnit=${statisticUnit}
Statistics-traffic-00007
#最近一年365天
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable traffic
#请求地址 例如:/report/domain/recommend
${url} set variable /report/traffic/statisticsbyunit
#统计类型: bytes字节数 packets包数 sessions连接数 如不指定,则统计全部 statisticsUnit=${statisticUnit}
${statisticUnit} set variable bytes
#结束时间格式Y-M-D h:i:s
${Time} get current date
${endTime}= add time to date ${Time} -00:05:00
${endTime} Get Substring ${endTime} \ -4
#开始时间格式Y-M-D h:i:s
${startTime}= add time to date ${endTime}= -365 days
${startTime} Get Substring ${startTime} \ -4
#统计粒度单位秒仅用于趋势查询sql 缺省为30秒
${timeGranularity} set variable 70
${limit} set variable 1
GetApi ${apiName} ${url} startTime=${startTime} endTime=${endTime} timeGranularity=${timeGranularity} limit=${limit} statisticsUnit=${statisticUnit}

12
01-TestCase/tsg_bfapi/api_log/LogStatistics-url.robot Normal file
View File

@@ -0,0 +1,12 @@
*** Settings ***
Resource ../../../02-Keyword/tsg_bfapi/LogStatistics.robot
*** Test Cases ***
Statistics-url-00001
#apiName请求大数据时用于区分每个接口的sql
${apiName} set variable url
#请求地址 例如:/report/domain/recommend
${url} set variable /report/url/recommend
#统计时间, \ 查询最近24小时数据例如当前时间为2020-03-26 15:14:00, 查询时间应设为推前1小时的整点实际传入参数为 "2020-03-26 14:00:00" \ 响应参数说明
${statisticTime} set variable 2020-04-27 14:00:00
GetApi ${apiName} ${url} statisticTime=${statisticTime}

19
01-TestCase/tsg_bfapi/dashboard_data_compare/ClientIPTopN.robot Normal file
View File

@@ -0,0 +1,19 @@
*** Settings ***
Force Tags tsg-bfapi dashboard clientIP topn
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/ClientIPTopN.robot
*** Test Cases ***
ClientIPTopN-0001
#dashboard 源IP统计 bifang和bigData对比
ClientIPTopN 1 bytes 5
ClientIPTopN-0002
#dashboard 源IP统计 bifang和bigData对比
ClientIPTopN 2 packets 5
ClientIPTopN-0003
#dashboard 源IP统计 bifang和bigData对比
ClientIPTopN 3 sessions 10

19
01-TestCase/tsg_bfapi/dashboard_data_compare/DomainTopN.robot Normal file
View File

@@ -0,0 +1,19 @@
*** Settings ***
Force Tags tsg-bfapi dashboard Domain topn
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/DomainTopN.robot
*** Test Cases ***
DomainTopN-0001
#dashboard 域名统计 bifang和bigData对比
DomainTopN 1 bytes 10
DomainTopN-0002
#dashboard 域名统计 bifang和bigData对比
DomainTopN 2 packets 10
DomainTopN-0003
#dashboard 域名统计 bifang和bigData对比
DomainTopN 3 sessions 10

103
01-TestCase/tsg_bfapi/dashboard_data_compare/PolicyActionHitStatistics.robot Normal file
View File

@@ -0,0 +1,103 @@
*** Settings ***
Force Tags tsg-bfapi dashboard policy action
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/PolicyActionHitStatistics.robot
*** Test Cases ***
SecurityEventActionHit-bytes-0001
# dashboard界面 安全策略各动作命中计数 bytes bifang和bigData对比
SecurityEventActionHit-bytes 1 300 5
SecurityEventActionHit-bytes-0002
# dashboard界面 安全策略各动作命中计数 bytes bifang和bigData对比
SecurityEventActionHit-bytes 2 600 5
SecurityEventActionHit-bytes-0003
# dashboard界面 安全策略各动作命中计数 bytes bifang和bigData对比
SecurityEventActionHit-bytes 3 600 10
SecurityEventActionHit-packets-0001
# dashboard界面 安全策略各动作命中计数 packets bifang和bigData对比
SecurityEventActionHit-packets 1 300 5
SecurityEventActionHit-packets-0002
# dashboard界面 安全策略各动作命中计数 packets bifang和bigData对比
SecurityEventActionHit-packets 2 600 5
SecurityEventActionHit-packets-0003
# dashboard界面 安全策略各动作命中计数 packets bifang和bigData对比
SecurityEventActionHit-packets 3 600 10 2020-03-31 16:00:00 2020-04-07 16:00:00
SecurityEventActionHit-sessions-0001
# dashboard界面 安全策略各动作命中计数 sessions bifang和bigData对比
SecurityEventActionHit-sessions 1 300 5
SecurityEventActionHit-sessions-0002
# dashboard界面 安全策略各动作命中计数 sessions bifang和bigData对比
SecurityEventActionHit-sessions 2 300 5
SecurityEventActionHit-sessions-0003
# dashboard界面 安全策略各动作命中计数 sessions bifang和bigData对比
SecurityEventActionHit-sessions 3 300 10
SecurityEventActionHit-thrend-bytes-0001
# dashboard界面 安全策略各动作命中计数趋势 bytes bifang和bigData对比
SecurityEventActionHit-thrend-bytes 1 300 5
SecurityEventActionHit-thrend-bytes-0002
# dashboard界面 安全策略各动作命中计数趋势 bytes bifang和bigData对比
SecurityEventActionHit-thrend-bytes 2 300 5
SecurityEventActionHit-thrend-bytes-0003
# dashboard界面 安全策略各动作命中计数趋势 bytes bifang和bigData对比
SecurityEventActionHit-thrend-bytes 3 600 10
SecurityEventActionHit-thrend-packets-0001
# dashboard界面 安全策略各动作命中计数趋势 packets bifang和bigData对比
SecurityEventActionHit-thrend-packets 1 300 5
SecurityEventActionHit-thrend-packets-0002
# dashboard界面 安全策略各动作命中计数趋势 packets bifang和bigData对比
SecurityEventActionHit-thrend-packets 2 300 5
SecurityEventActionHit-thrend-packets-0003
# dashboard界面 安全策略各动作命中计数趋势 packets bifang和bigData对比
SecurityEventActionHit-thrend-packets 3 600 10
SecurityEventActionHit-thrend-sessions-0001
# dashboard界面 安全策略各动作命中计数趋势 sessions bifang和bigData对比
SecurityEventActionHit-thrend-sessions 1 300 5
SecurityEventActionHit-thrend-sessions-0002
# dashboard界面 安全策略各动作命中计数趋势 sessions bifang和bigData对比
SecurityEventActionHit-thrend-sessions 2 300 5
SecurityEventActionHit-thrend-sessions-0003
# dashboard界面 安全策略各动作命中计数趋势 sessions bifang和bigData对比
SecurityEventActionHit-thrend-sessions 3 600 10
ProxyEventActionHit-sessions-0001
# dashboard界面 代理策略各动作命中计数 sessions bifang和bigData对比
ProxyEventActionHit-sessions 1 300 5
ProxyEventActionHit-sessions-0002
# dashboard界面 代理策略各动作命中计数 sessions bifang和bigData对比
ProxyEventActionHit-sessions 2 300 5
ProxyEventActionHit-sessions-0003
# dashboard界面 代理策略各动作命中计数 sessions bifang和bigData对比
ProxyEventActionHit-sessions 3 600 10
ProxyEventActionHit-trend-sessions-0001
# dashboard界面 代理策略各动作命中计数趋势 sessions bifang和bigData对比
ProxyEventActionHit-trend-sessions 1 300 5
ProxyEventActionHit-trend-sessions-0002
# dashboard界面 代理策略各动作命中计数趋势 sessions bifang和bigData对比
ProxyEventActionHit-trend-sessions 2 300 5
ProxyEventActionHit-trend-sessions-0003
# dashboard界面 代理策略各动作命中计数趋势 sessions bifang和bigData对比
ProxyEventActionHit-trend-sessions 3 600 10

30
01-TestCase/tsg_bfapi/dashboard_data_compare/PolicyEventHitTopN.robot Normal file
View File

@@ -0,0 +1,30 @@
*** Settings ***
Force Tags tsg-bfapi dashboard policy topn
Library Collections
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/PolicyEventHitTopN.robot
*** Test Cases ***
SecurityEventHitTopN-0001
# dashboard界面 安全策略命中TopN bifang和bigData对比
SecurityEventHit 1 10
SecurityEventHitTopN-0002
# dashboard界面 安全策略命中TopN bifang和bigData对比
SecurityEventHit 2 10
SecurityEventHitTopN-0003
# dashboard界面 安全策略命中TopN bifang和bigData对比
SecurityEventHit 3 10
ProxyEventHitTopN-0001
# dashboard界面 代理策略命中TopN bifang和bigData对比
ProxyEventHit 1 10
ProxyEventHitTopN-0002
# dashboard界面 代理策略命中TopN bifang和bigData对比
ProxyEventHit 2 10
ProxyEventHitTopN-0003
# dashboard界面 代理策略命中TopN bifang和bigData对比
ProxyEventHit 3 10

32
01-TestCase/tsg_bfapi/dashboard_data_compare/ProxyPinningStatistics.robot Normal file
View File

@@ -0,0 +1,32 @@
*** Settings ***
Force Tags tsg-bfapi dashboard proxy pinning
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/ProxyPinningStatistics.robot
*** Test Cases ***
ProxyPinning-0001
# dashboard界面 Proxy Pinning计数 bifang和bigData对比
ProxyPinning 1 300 5
ProxyPinning-0002
# dashboard界面 Proxy Pinning计数 bifang和bigData对比
ProxyPinning 2 300 5
ProxyPinning-0003
# dashboard界面 Proxy Pinning计数 bifang和bigData对比
ProxyPinning 3 600 10
ProxyPinning-trend-0001
# dashboard界面 Proxy Pinning计数 bifang和bigData对比
ProxyPinningTrend 1 300 5
ProxyPinning-trend-0002
# dashboard界面 Proxy Pinning计数 bifang和bigData对比
ProxyPinningTrend 2 300 5
ProxyPinning-trend-0003
# dashboard界面 Proxy Pinning计数 bifang和bigData对比
ProxyPinningTrend 3 600 10

19
01-TestCase/tsg_bfapi/dashboard_data_compare/ServiceIPTopN.robot Normal file
View File

@@ -0,0 +1,19 @@
*** Settings ***
Force Tags tsg-bfapi dashboard serviceIP topn
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/ServiceIPTopN.robot
*** Test Cases ***
ServiceIPTopN-0001
#dashboard 目的IP统计 bifang和bigData对比
ServiceIPTopN 1 bytes 10
ServiceIPTopN-0002
#dashboard 目的IP统计 bifang和bigData对比
ServiceIPTopN 2 packets 10
ServiceIPTopN-0003
#dashboard 目的IP统计 bifang和bigData对比
ServiceIPTopN 3 sessions 10

19
01-TestCase/tsg_bfapi/dashboard_data_compare/SubscriberidTopN.robot Normal file
View File

@@ -0,0 +1,19 @@
*** Settings ***
Force Tags tsg-bfapi dashboard subscriberid topn
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/SubscriberidTopN.robot
*** Test Cases ***
SubscriberidTopN-0001
#dashboard 用户TopN统计 bifang和bigData对比
SubscriberidTopN 1 bytes 10
SubscriberidTopN-0002
#dashboard 用户TopN统计 bifang和bigData对比
SubscriberidTopN 2 packets 10
SubscriberidTopN-0003
#dashboard 用户TopN统计 bifang和bigData对比
SubscriberidTopN 3 sessions 10

31
01-TestCase/tsg_bfapi/dashboard_data_compare/TrafficSessionNewLiveStatistic.robot Normal file
View File

@@ -0,0 +1,31 @@
*** Settings ***
Force Tags tsg-bfapi dashboard traffic newCount liveCount
Library Collections
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/TrafficSessionNewLiveStatistic.robot
*** Test Cases ***
SessionStatistics-NewLive-0001
# dashboard界面新建和活跃连接数统计 bifang和bigData对比
SessionStatistics-NewLive 1
SessionStatistics-NewLive-0002
# dashboard界面新建和活跃连接数统计 bifang和bigData对比
SessionStatistics-NewLive 2
SessionStatistics-NewLive-0003
# dashboard界面新建和活跃连接数统计 bifang和bigData对比
SessionStatistics-NewLive 3
SessionStatistics-NewLiveTrend-0001
# dashboard界面新建和活跃连接数趋势 bifang和bigData对比
SessionStatistics-NewLive-Trend 1 60 5
SessionStatistics-NewLiveTrend-0002
# dashboard界面新建和活跃连接数趋势 bifang和bigData对比
SessionStatistics-NewLive-Trend 2 300 5
SessionStatistics-NewLiveTrend-0003
# dashboard界面新建和活跃连接数趋势 bifang和bigData对比
SessionStatistics-NewLive-Trend 3 600 10

79
01-TestCase/tsg_bfapi/dashboard_data_compare/TrafficStatistics.robot Normal file
View File

@@ -0,0 +1,79 @@
*** Settings ***
Force Tags tsg-bfapi dashboard traffic
Library Collections
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/TrafficStatistics.robot
*** Test Cases ***
TrafficStatistics-bytes-0001
# Traffics-带宽统计 统计类型bytes bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-bytes 1
TrafficStatistics-bytes-0002
# Traffics-带宽统计 统计类型bytes bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-bytes 2
TrafficStatistics-bytes-0003
# Traffics-带宽统计 统计类型bytes bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-bytes 3
TrafficStatistics-packets-0001
# Traffics-带宽统计 统计类型packets bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-packets 1 2020-04-06 10:00:00 2020-04-06 12:00:00
TrafficStatistics-packets-0002
# Traffics-带宽统计 统计类型packets bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-packets 2
TrafficStatistics-packets-0003
# Traffics-带宽统计 统计类型packets bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-packets 3
TrafficStatistics-sessions-0001
# Traffics-带宽统计 统计类型sessions bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-sessions 1
TrafficStatistics-sessions-0002
# Traffics-带宽统计 统计类型sessions bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-sessions 2
TrafficStatistics-sessions-0003
# Traffics-带宽统计 统计类型sessions bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-sessions 3
TrafficStatistics-trend-bytes-0001
# Traffics-带宽趋势 统计类型bytes bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-bytes 1 60 5
TrafficStatistics-trend-bytes-0002
# Traffics-带宽趋势 统计类型bytes bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-bytes 2 300 5
TrafficStatistics-trend-bytes-0003
# Traffics-带宽趋势 统计类型bytes bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-bytes 3 300 10
TrafficStatistics-trend-packets-0001
# Traffics-带宽趋势 统计类型packets bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-packets 1 60 5
TrafficStatistics-trend-packets-0002
# Traffics-带宽趋势 统计类型packets bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-packets 2 60 10
TrafficStatistics-trend-packets-0003
# Traffics-带宽趋势 统计类型packets bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-packets 3 300 10
TrafficStatistics-trend-sessions-0001
# Traffics-带宽趋势 统计类型sessions bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-sessions 1 60 5
TrafficStatistics-trend-sessions-0002
# Traffics-带宽趋势 统计类型sessions bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-sessions 2 60 10
TrafficStatistics-trend-sessions-0003
# Traffics-带宽趋势 统计类型sessions bifang和bigData对比 Traffic IN/OUT
Dashboard-Traffic-trend-sessions 3 300 10

19
01-TestCase/tsg_bfapi/dashboard_data_compare/UrlTopN.robot Normal file
View File

@@ -0,0 +1,19 @@
*** Settings ***
Force Tags tsg-bfapi dashboard url topn
Library Collections
Library REST
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/dashboard_data_compare/UrlTopN.robot
*** Test Cases ***
UrlTopN-0001
#dashboard Url统计 bifang和bigData对比
UrlTopN 1 10
UrlTopN-0002
#dashboard Url统计 bifang和bigData对比
UrlTopN 2 10
UrlTopN-0003
#dashboard Url统计 bifang和bigData对比
UrlTopN 3 10

50
01-TestCase/tsg_bfapi/policy_file_interface/ClearAllPolicy.robot Normal file
View File

@@ -0,0 +1,50 @@
*** Settings ***
Force Tags tsg_bf_api Clear_All_Policys
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url1} /policy/profile/keyringobj
${url2} /policy/profile/trustedcacertobj
${url3} /policy/profile/responsepages
${url4} /policy/profile/hijackfiles
${url5} /policy/profile/insertscripts
${url6} /policy/profile/trafficmirror
*** Test Cases ***
Keyring Policy delete all case
# 清空所有策略!!!
${reqData} Create Dictionary isClear=true
DeletePolicyFile ${url1} ${reqData}
Trusted Cert Policy delete all case
# 清空所有策略!!!
${reqData} Create Dictionary isClear=true
DeletePolicyFile ${url2} ${reqData}
Response Pages Policy delete all case
# 清空所有策略!!!
${reqData} Create Dictionary isClear=true
DeletePolicyFile ${url3} ${reqData}
Hijack Files Policy delete all case
# 清空所有策略!!!
${reqData} Create Dictionary isClear=true
DeletePolicyFile ${url4} ${reqData}
Insert Scripts Policy delete all case
# 清空所有策略!!!
${reqData} Create Dictionary isClear=true
DeletePolicyFile ${url5} ${reqData}
Traffic Mirror Policy delete all case
# 清空所有策略!!!
${reqData} Create Dictionary isClear=true
DeletePolicyFile ${url6} ${reqData}

64
01-TestCase/tsg_bfapi/policy_file_interface/Decryption.robot Normal file
View File

@@ -0,0 +1,64 @@
*** Settings ***
Test Teardown TeardownDelete ${url} profileIds ${profileId}
Force Tags tsg_bf_api Response_Pages
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/decryption
${profileId} ${EMPTY}
*** Test Cases ***
Decryption_ADD_001
Comment 全串{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{"dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
Comment "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
Comment "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
Comment dynamic_bypass
Comment 拦截排除参数对象
Comment ev_cert Integer 是 ON/OFF,缺省OFF1表示ON,0表示OFF
Comment cert_transparency Integer 是 ON/OFF,缺省OFF1表示ON,0表示OFF
Comment mutual_authentication Integer 是 ON/OFF,缺省ON1表示ON,0表示OFF
Comment cert_pinning Integer 是 Blocl/Bypass,缺省Block1表示Block,0表示Bypass
Comment protocol_errors Integer 是 ON/OFF,缺省ON1表示ON,0表示OFF
Comment protocol_version Object 是 协议版本对象
Comment min Integer 否 如果mirror_client=1则此参数可为空
Comment max Integer 否 如果mirror_client=1则此参数可为空
Comment mirror_client Integer 是 ON/OFF,缺省ON1表示ON,0表示OFF
Comment allow_http2 Integer 是 1表示ON,0表示OFF
Comment certificate_checks Object 是 证书检查参数对象
Comment approachObject 是 certificateChecksObj对象参数
Comment cn Integer 是 approach对象参数,ON/OFF,缺省ON, 1表示ON,0表示OFF
Comment issuer Integer 是 approach对象参数,ON/OFF,缺省ON, 1表示ON,0表示OFF
Comment self-signed Integer 是 approach对象参数 ON/OFF,缺省ON, 1表示ON,0表示OFF
Comment expiration Integer 是 approach对象参数ON/OFF,缺省ON, 1表示ON,0表示OFF
Comment fail_action String 是 certificateChecksObj对象参数,值为: fail-close pass-through
Comment isValid Integer 是 是否有效
Comment isInitialize Integer 否 0非内置缺省 1内置
${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
${data} Create List ${requestbody}
${response} CreatePolicyFileNoFile ${url} ${data}
# 查询
${profileId} Get From Dictionary ${response} profileId
${profileName} Get From Dictionary ${response} profileName
QueryPolicyFile ${url} profileId=${profileId}&profileName=${profileName}
# 修改
${dynamic_bypass}="dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
${protocol_version}="protocol_version":{"min":"ssl3","max":"tls13","mirror_client":0,"allow_http2":0}
${certificate_checks}="certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"pass-through"}
${requestbody}={"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_edit","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":0,"isInitialize":0,"profileDesc":""}]}
@{data} set variable ${requestbody}
UpdatePolicyFile2 ${url} ${reqData_edit} @{data}

31
01-TestCase/tsg_bfapi/policy_file_interface/HijackFilesPolicy.robot Normal file
View File

@@ -0,0 +1,31 @@
*** Settings ***
Test Teardown TeardownDelete ${url} profileIds ${profileId}
Force Tags tsg_bf_api Hijack_Files
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/hijackfiles
${profileId} ${EMPTY}
*** Test Cases ***
Hijack Files Policy CRUD case
# 新增
${response} CreatePolicyFile2 ${url} hijack_files/ Create-Hijack Files-test-3.html hijack
# 查询
${profileId} Get From Dictionary ${response} profileId
${profileName} Get From Dictionary ${response} profileName
QueryPolicyFile ${url} profileId=${profileId}&profileName=${profileName}
# 修改
${header_edit} Set Variable {"isValid":1,"contentType":"image/png","opAction":"update","profileName":"test_edit","contentName":"Create-Hijack Files-test-5.png","profileId":"${profileId}","returnData":1}
UpdatePolicyFile ${url} Hijack Files-files/ Create-Hijack Files-test-5.png ${header_edit}

31
01-TestCase/tsg_bfapi/policy_file_interface/InsertScriptsPolicy.robot Normal file
View File

@@ -0,0 +1,31 @@
*** Settings ***
Test Teardown TeardownDelete ${url} profileIds ${profileId}
Force Tags tsg_bf_api Insert_Scripts
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/insertscripts
${profileId} ${EMPTY}
*** Test Cases ***
Insert Scripts Policy CRUD case
# 新增
${response} CreatePolicyFile2 ${url} insert_files/ Create-Insert Scripts-test-1.js insert
# 查询
${profileId} Get From Dictionary ${response} profileId
${profileName} Get From Dictionary ${response} profileName
QueryPolicyFile ${url} profileId=${profileId}&profileName=${profileName}
# 修改
${reqHeader_edit} Set Variable {"isValid":1,"format":"css","opAction":"update","profileName":"test_edit","profileId":"${profileId}","returnData":1}
UpdatePolicyFile ${url} Insert Scripts-files/ Create-Insert Scripts-test.css ${reqHeader_edit}

35
01-TestCase/tsg_bfapi/policy_file_interface/IntermediaCert.robot Normal file
View File

@@ -0,0 +1,35 @@
*** Settings ***
Force Tags tsg_bf_api Cached_Intermediate_Certificates
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/exch/intermediacert
*** Test Cases ***
Intermedia Cert Policy case
# 查询1
${suffix_quary} Catenate SEPARATOR=& certId=269 sni=nationalbank.kz
QueryPolicyFile ${url} ${suffix_quary}
# 查询2
${suffix_quary} Catenate SEPARATOR=& certIds=263,265 sni=dw-online.ksosoft
QueryPolicyFile ${url} ${suffix_quary}
# 启用/暂停
${certId} QueryPolicyFile2 ${url} isValid=1
${certIds} Create List ${certId}
${data} Set Variable {"opAction":"disable","certIds":${certIds}}
UpdatePolicyFile2 ${url} ${data}
${data2} Set Variable {"opAction":"enable","certIds":${certIds}}
UpdatePolicyFile2 ${url} ${data2}

31
01-TestCase/tsg_bfapi/policy_file_interface/KeyringPolicyFile.robot Normal file
View File

@@ -0,0 +1,31 @@
*** Settings ***
Test Teardown TeardownDelete ${url} keyringIds ${keyringId}
Force Tags tsg_bf_api Decryption_Keyrings
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/keyringobj
${keyringId} ${EMPTY}
*** Test Cases ***
Keyring Policy File case
# 新增
${response} CreatePolicyMutipartFile ${url} keyrings/root/ mesalab-ca-cert.pem mesalab-ca-key.pem
# 查询
${keyringId} Get From Dictionary ${response} keyringId
${keyringName} Get From Dictionary ${response} keyringName
QueryPolicyFile ${url} keyringId=${keyringId}&keyringName=${keyringName}
# 修改
${header_edit} Set Variable {"isValid":1,"opAction":"update","returnData":1,"keyringName":"test_edit","keyringType":"end-entity","reissueExpiryHour":0,"crl":"null","publicKeyAlgo":"rsa2048","keyringId":"${keyringId}","includeRoot":0}
UpdatePolicyMutipartFile ${url} Keyrings/end-entity/ tang-ca-v3-www.amazon.cn-cer.pem tang-ca-v3-www.amazon.cn-key.pem ${header_edit}

30
01-TestCase/tsg_bfapi/policy_file_interface/ResponsePagesPolicy.robot Normal file
View File

@@ -0,0 +1,30 @@
*** Settings ***
Test Teardown TeardownDelete ${url} profileIds ${profileId}
Force Tags tsg_bf_api Response_Pages
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/responsepages
${profileId} ${EMPTY}
*** Test Cases ***
Response Pages Policy CRUD case
# 新增
${response} CreatePolicyFile2 ${url} response_pages_files/ Create-Response Pages-test-1.html resPages
# 查询
${profileId} Get From Dictionary ${response} profileId
${profileName} Get From Dictionary ${response} profileName
QueryPolicyFile ${url} profileId=${profileId}&profileName=${profileName}
# 修改
${header_edit} Set Variable {"isValid":1,"format":"html","opAction":"update","profileName":"test_edit","profileId":"${profileId}","returnData":1}
UpdatePolicyFile ${url} Response pages-files/ Create-Response Pages-test.html ${header_edit}

31
01-TestCase/tsg_bfapi/policy_file_interface/TrafficMirrorPolicy.robot Normal file
View File

@@ -0,0 +1,31 @@
*** Settings ***
Test Teardown TeardownDelete ${url} profileIds ${profileId}
Force Tags tsg_bf_api Traffic_Mirror_Profiles
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/trafficmirror
${profileId} ${EMPTY}
*** Test Cases ***
Traffic Mirror Policy CRUD case
# 新增
${response} CreatePolicyFile3 ${url}
# 查询
${profileId} Get From Dictionary ${response} profileId
${profileName} Get From Dictionary ${response} profileName
QueryPolicyFile ${url} profileId=${profileId}&profileName=${profileName}
# 修改
${reqData_edit} Set Variable {"opAction":"update","returnData":1,"trafficMirrorList":[{"profileId":"${profileId}","profileName":"test_edit","addrType":"vlan","isValid":1,"addrArray":["256"]}]}
UpdatePolicyFile2 ${url} ${reqData_edit}

30
01-TestCase/tsg_bfapi/policy_file_interface/TrustedCertPolicy.robot Normal file
View File

@@ -0,0 +1,30 @@
*** Settings ***
Test Teardown TeardownDelete ${url} certIds ${certId}
Force Tags tsg_bf_api Trusted_Certificate_Authorities
Library String
Library OperatingSystem
Library Selenium2Library
Library Collections
Resource ../../../02-Keyword/tsg_bfapi/Common.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_file_interface/FunctionalKeywords.robot
Resource ../../../03-Variable/BifangApiVariable.txt
*** Variables ***
${url} /policy/profile/trustedcacertobj
${certId} ${EMPTY}
*** Test Cases ***
Trusted Cert Policy CRUD case
# 新增
${response} CreatePolicyFile ${url} keyrings/root/ tango-ca-trust-ca-cer.pem
# 查询
${certId} Get From Dictionary ${response} certId
${certName} Get From Dictionary ${response} certName
QueryPolicyFile ${url} certId=${certId}&certName=${certName}
# 修改
${header_edit} Set Variable {"isValid":1,"opAction":"update","certName":"test_edit","certId":"${certId}","returnData":1}
UpdatePolicyFile ${url} Keyrings/Intermediate/ tang-ca-v3-intermediate-01-cer.pem ${header_edit}

16
01-TestCase/tsg_cli/EnDisablePolicy.robot Normal file
View File

@@ -0,0 +1,16 @@
*** Settings ***
Force Tags tsg-cli Policy EnDisable
Resource ../../03-Variable/BifangApiVariable.txt
Resource ../../02-Keyword/tsg_cli/Interface.robot
*** Test Cases ***
Policy_EnDisable_TestCase
# 操作不同类型策略
FOR ${policyType} IN @{PolicyTypes}
${obj} Get_Policy_Object3 ${policyType}
# 更改策略状态
Tsg_Policy_EnDisable ${obj}[policyId] ${policyType} ${obj}[commandType1]
# 复原策略状态
Tsg_Policy_EnDisable ${obj}[policyId] ${policyType} ${obj}[commandType2]
END

30
01-TestCase/tsg_cli/ImExportObject.robot Normal file
View File

@@ -0,0 +1,30 @@
*** Settings ***
Test Teardown Clear_Test_Data
Force Tags tsg-cli Object ExImport
Resource ../../03-Variable/BifangApiVariable.txt
Resource ../../02-Keyword/tsg_cli/Interface.robot
*** Test Cases ***
Object_Export_And_Import_TestCase
FOR ${type} IN @{ObjectTypes}
# export 01
${FileName1} Get_File_Name ${type} txt
Tsg_Policy_Object_Export ${type} ${FileName1} txt
# export 02
${FileName2} Get_File_Name ${type} csv
Tsg_Policy_Object_Export ${type} ${FileName2} csv
# # export 03
${FileName3} Get_File_Name ${type} txt
Tsg_Policy_Object_Export ${type} ${FileName3} ${None}
# export 04
${FileName4} Get_File_Name ${type} csv
Tsg_Policy_Object_Export ${type} ${FileName4} ${None}
# # import 01
${name1} Get_Import_Info ${type}
Tsg_Policy_Object_Import ${type} ${FileName3} ${name1}
# import 02
${name2} Get_Import_Info ${type}
Tsg_Policy_Object_Import ${type} ${FileName4} ${name2}
END

Some files were not shown because too many files have changed in this diff Show More