*** Settings *** Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} Force Tags zjj tsg_proxy replace Library OperatingSystem Resource ../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../03-Variable/PolicyObjectDefault.txt Resource ../../02-Keyword/tsg_common/StmpHandle.robot Resource ../../03-Variable/BifangApiVariable.txt Library Custometest Library json *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} ${url} /policy/profile/decryption ${profiledId} ${EMPTY} *** Test Cases *** #添加测试数据 ZJJ_ProxyPolicy-131Replace-ResbodyReqbocy-00001 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Replace-ResbodyReqbocy-00001 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.baidu.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} set variable ${objectids} ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.baidu.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} #{"opAction":"add","returnData":0,"list":[{"profileName":"dxytest","profileDesc":"","isValid":1,"decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}}}]} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_resp_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.5,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} ZJJ_ProxyPolicy-131Replace-ResbodyReqbocy-00002 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Replace-ResbodyReqbocy-00002 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.jd.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.jd.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_resp_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #添加测试数据 ZJJ_ProxyPolicy-131Redirect-00001 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Redirect-00001 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.tmall.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} set variable ${objectids} ${object_URL_Id} #创建fqdn ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.tmall.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} #{"opAction":"add","returnData":0,"list":[{"profileName":"dxytest","profileDesc":"","isValid":1,"decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}}}]} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"pxy_manipulation","action":"manipulation", #"userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"","effectiveRange":{"tag_sets":[[]]}, #"userRegion":{"method":"redirect","to":"https://zhidao.baidu.com","code":302,"protocol":"HTTP"}, #"isValid":0,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":1192,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":1194,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"redirect","to":"https://zhidao.baidu.com","code":302,"enforcement_ratio":0.5,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} ZJJ_ProxyPolicy-131Redirect-00002 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Redirect-00002 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.vip.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.vip.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} #... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_resp_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":1,"protocol":"HTTP"} ... userRegion={"method":"redirect","to":"http://image.baidu.com/","code":301,"enforcement_ratio":0.9999,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #添加测试数据 ZJJ_ProxyPolicy-131Hjack-00001 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Hjack-00001 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.126.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} set variable ${objectids} ${object_URL_Id} #创建fqdn ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.126.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} #{"opAction":"add","returnData":0,"list":[{"profileName":"dxytest","profileDesc":"","isValid":1,"decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}}}]} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":2,"policyDesc":"", #"effectiveRange":{"tag_sets":[[]]}, #"userRegion":{"method":"hijack","hijack_profile":2,"protocol":"HTTP"} #,"isValid":0,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":1192,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":1187,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"hijack","hijack_profile":2,"enforcement_ratio":0.5,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} ZJJ_ProxyPolicy-131Hjack-00002 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Hjack-00002 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.jd.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} set variable ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.jd.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} #... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_resp_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":1,"protocol":"HTTP"} ... userRegion={"method":"hijack","hijack_profile":2,"enforcement_ratio":0.9999,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #添加测试数据 ZJJ_ProxyPolicy-131Insert-00001 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Insert-00001 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.tmall.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} set variable ${objectids} ${object_URL_Id} #创建fqdn ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.tmall.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} #{"opAction":"add","returnData":0,"list":[{"profileName":"dxytest","profileDesc":"","isValid":1,"decryption":{"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}}}]} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]}, #"userRegion":{"method":"insert","insert_profile":2,"protocol":"HTTP"} #,"isValid":0,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":1192,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":1194,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"insert","insert_profile":2,"enforcement_ratio":0.5,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} ZJJ_ProxyPolicy-131Insert-00002 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-131Insert-00002 #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=www.jd.com ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} set variable ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$www.jd.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} #... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_resp_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":1,"protocol":"HTTP"} ... userRegion={"method":"insert","insert_profile":2,"enforcement_ratio":0.9999,"protocol":"HTTP"} ... referenceObject=${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}