*** Settings *** Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} Force Tags tsg_adc tsg_security all_protol Library OperatingSystem Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../../03-Variable/PolicyObjectDefault.txt Resource ../../../02-Keyword/tsg_common/StmpHandle.robot Resource ../../../03-Variable/BifangApiVariable.txt Library Custometest Library json *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} ${url} /policy/profile/responsepages ${profiledId} ${EMPTY} *** Test Cases *** SelfServerSecurityPolicy-Deny-AllProtol-00001 [Tags] securitypolciy deny allprotol selfserver ${caseName} set variable SelfServerSecurityPolicy-Deny-AllProtol-00001 # 创建对象-IP # addItemList全参数:(为方便说明,将参数值拆分为几部分,其实际值为单条无空格/回车字符串,每部分内代表的各参数不可跳跃。) # [addrType]|[protocol]|[direction]|[isSession]# 第一部分(可省略) # [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]& 第二部分(不可省略) # [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]| 第三部分(可省略) # [isInitialize]|[itemName]|[itemDesc], 第四部分(可省略) # ... Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip ... isValid=${Default_IsValid} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_IPobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} ${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${objectId} Comment 创建安全策略,针对所有协议,相当于BlackIP ${policyDict} Create Dictionary ... policyName=${caseName}_IPobject ... policyType=${tsg_security} ... policyDesc=${Default_PolicyDesc} ... action=deny ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"rst"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR ... isValid=${Default_IsValid} ... appObjectIdArray=${Default_AppObjectIdArray} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} #默认客户端条件类型:clientip or clientsubid ${Default_Client_Type} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} Comment 功能端验证HTTP验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_HTTP.bat ... ELSE set variable curl -kv http://open.node.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset ... ELSE Create List Connection reset by peer ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} http_host open.node.com Comment 功能端验证SSL验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/selfserver/SecurityPolicy-Deny-AllProtol-00001_SSL.bat ... ELSE set variable curl -kv https://open.node.com/ ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset #OpenSSL SSL_connect: Connection was reset in connection to #Send failure: Connection was reset ... ELSE Create List OpenSSL SSL_connect: Connection reset by peer in connection to ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com Comment 功能端验证DNS验证 Comment 功能端验证MAIL验证 ${starttime} Get Time #${mail} EmailLogin mail.tsgmail.com 25 dongxiaoyan@mail.tsgmail.com dxy123 ${starttime} Get Time ${Smtp服务器} Set Variable 192.168.100.5 ${Smtp服务器端口} Set Variable 25 ${邮箱账号} Set Variable dongxiaoyan@mail.tsgmail.com ${邮箱密码} Set Variable dxy123 ${邮件主题} Set Variable что- иностранныеsuject ${发送者} Set Variable dongxiaoyan@mail.tsgmail.com ${附件} Set Variable ["${mailpath}/朱明明测试文件.txt"] ${接收者} Set Variable ["jwctest@mail.tsgmail.com"] ${抄送者} Set Variable ["zmmtest@mail.tsgmail.com"] ${密送者} Set Variable ["lyftest@mail.tsgmail.com"] ${邮件正文} Set Variable 朱明明contentчто-иностранныеsuject ${mail} EmailSendFull ${Smtp服务器} ${Smtp服务器端口} ${邮箱账号} ${邮箱密码} ${邮件主题} ${发送者} ${接收者} ${抄送者} ${密送者} ${邮件正文} ${附件} should contain ${mail} mail_fail Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} mail_protocol_type SMTP Comment 功能端验证FTP验证 ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${ftpLogin} FTP_login ftp://192.168.100.5:21 -u"ftp_user:qazXSW@edc" test.txt should contain ${ftpLogin} ftp_fail Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ftp_account '' #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"deny","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"rst"},"referenceObject":[{"objectId":6926,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":6943,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3,4,5,6]}}