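*** Settings ***
# The teardown arguments are resolved when the teardown runs, so they pick up the
# test-scope ${policyIds} / ${objectids} values set while the test case executes.
Test Teardown     DeletePolicyAndObject    ${policyIds}    ${objectids}
Force Tags        zjj    tsg_proxy    replace
Library           OperatingSystem
Resource          ../../02-Keyword/tsg_adc/SystemCommand.robot
Resource          ../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource          ../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource          ../../03-Variable/PolicyObjectDefault.txt
Resource          ../../02-Keyword/tsg_common/StmpHandle.robot
Resource          ../../03-Variable/BifangApiVariable.txt
Library           Custometest
Library           json

*** Variables ***
${policyIds}      ${EMPTY}
${objectids}      ${EMPTY}
# REST path used to create the decryption profile.
${url}            /policy/profile/decryption
${profiledId}     ${EMPTY}

*** Keywords ***
Verify Replace Enforcement Ratio
    [Documentation]    Shared body of the enforcement-ratio cases. Creates an IP, a URL and an
    ...    FQDN object, a decryption profile, an SSL intercept policy and an HTTP body-replace
    ...    policy carrying the given enforcement ratio, runs the client command 1000 times and
    ...    appends the proxy_event_log count for that window to enforcement_ratio.txt.
    ...
    ...    caseName: prefix for the object and policy names.
    ...    ratio: value written into "enforcement_ratio" and into the report line.
    ...    writeHeader: when true, the "|Replace-SSL" header line is written first.
    [Arguments]    ${caseName}    ${ratio}    ${writeHeader}=${False}
    # Create the destination IP object.
    Comment    创建目标IP
    ${objectDict}    Create Dictionary
    ...    objectType=ip
    ...    isValid=1
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_IPobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Set Variable    ${objectId}
    # Publish after every creation so the test teardown can delete what exists
    # even when a later step fails.
    Set Test Variable    ${objectids}
    # Create the URL object.
    ${objectDict}    Create Dictionary
    ...    objectType=url
    ...    isValid=${1}
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_URLobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=open.node.com/action
    ${rescode}    ${object_URL_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_URL_Id}
    Set Test Variable    ${objectids}
    # Create the FQDN object.
    # NOTE(review): the leading "$" in the item is kept as written; presumably it is
    # the product's match marker rather than a typo - confirm.
    ${objectDict}    Create Dictionary
    ...    objectType=fqdn
    ...    isValid=${1}
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_fqdnobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=$open.node.com
    ${rescode}    ${object_FQDN_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_FQDN_Id}
    Set Test Variable    ${objectids}
    # Decryption profile for the lab: every certificate check (cn, issuer, self-signed,
    # expiration) and every dynamic-bypass switch is 0, and the minimum protocol is ssl3.
    # Presumably 0 switches a check off - confirm against the API. A profile this
    # permissive belongs in the test bed only.
    ${dynamic_bypass}    Set Variable    "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
    ${protocol_version}    Set Variable    "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
    ${certificate_checks}    Set Variable    "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
    ${requestbody}    Set Variable    {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
    #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
    ${data}    Set Variable    ${requestbody}
    ${response}    CreatePolicyFileNoFile    ${url}    ${data}
    # NOTE(review): the profile id is not handed to the teardown in this file, so each
    # run may leave an "autotest_decryption_add" profile behind - confirm cleanup elsewhere.
    ${decryption_profile}    Get From Dictionary    ${response}    profileId
    # Create the SSL intercept policy, matched on destination address and SNI.
    Comment    创建拦截策略
    ${policyDict}    Create Dictionary
    ...    policyName=${caseName}
    ...    policyType=tsg_security
    ...    policyDesc=${caseName}
    ...    action=intercept
    ...    effectiveRange=${Default_EffectiveRange}
    #...    userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
    ...    userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
    ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
    ...    isValid=1
    ...    appObjectIdArray=${3}
    ...    userTags=${Default_UserTags}
    ...    doLog=${Default_DoLog}
    ...    scheduleId=${Default_ScheduleId}
    ${rescode}    ${securitypolicyId}    AddPolicy2    ${1}    ${policyDict}
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
    Set Test Variable    ${policyIds}
    # Create the replace policy with the enforcement ratio: "find" -> "replace" in the
    # request body, "replace" -> "replacetest" in the response body.
    Comment    创建带有比例的替换策略
    ${policyDict}    Create Dictionary
    ...    policyName=${caseName}
    ...    policyType=pxy_manipulation
    ...    policyDesc=${Default_PolicyDesc}
    ...    action=manipulation
    ...    effectiveRange=${Default_EffectiveRange}
    ...    userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":${ratio},"protocol":"HTTP"}
    ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
    ...    isValid=1
    ...    appObjectIdArray=${2}
    ...    userTags=${Default_UserTags}
    ...    doLog=${Default_DoLog}
    ...    scheduleId=${Default_ScheduleId}
    ${rescode}    ${policyId}    AddPolicy2    ${1}    ${policyDict}
    ${s}    Convert To String    ${policyId}
    ${policyIds}    Create List    {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}    {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
    Set Test Variable    ${policyIds}
    #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
    #
    #${disablePolciy}    set variable    {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
    #EditPolicy    ${disablePolciy}
    # Client-side check that the TLS session is intercepted.
    # curl runs with -k, so certificate verification is off on the client; interception
    # is recognised only by finding the gateway CA name in the verbose output.
    Comment    功能端验证SSL验证
    ${commandstr}    Run Keyword If    '${systemType}'=='Windows'    Set Variable    ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
    ...    ELSE    Set Variable    curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
    # NOTE(review): as laid out here, everything after the first "#" on the Windows branch
    # is a comment, so only "schannel" is matched on Windows - confirm that is intended.
    ${stringlist}    Run Keyword If    '${systemType}'=='Windows'    Create List    schannel    #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA
    ...    ELSE    Create List    Tango Secure Gateway CA
    ${starttime}    Get Time
    Sleep    ${policyVerificationSleepSeconds}s
    FOR    ${n}    IN RANGE    1000
        SystemCommands    ${commandstr}    ${stringlist}
    END
    log    endfor
    Sleep    ${policyLogVerificationSleepSeconds}s
    ${endtime}    Get Time
    # Arguments as passed: log type, time window, client IP, policy id string, then
    # the ssl_sni field and value (semantics of GetLogCount are defined elsewhere).
    ${logsize}    GetLogCount    proxy_event_log    ${starttime}    ${endtime}    ${testClentIP}    ${s}    ssl_sni    open.node.com
    log    22${logsize}
    ${logsize}    Convert To String    ${logsize}
    # NOTE(review): the count is only recorded; nothing asserts that it is close to
    # ratio x 1000, so a gateway that ignores enforcement_ratio would still pass.
    Run Keyword If    ${writeHeader}    Append To File    ${path}/enforcement_ratio.txt    |Replace-SSL\r\n
    Append To File    ${path}/enforcement_ratio.txt    |-starttime:|${starttime}\r\n
    Append To File    ${path}/enforcement_ratio.txt    ${ratio}访问1000次logsize:|${logsize}
    Append To File    ${path}/enforcement_ratio.txt    s:|${s}
    Append To File    ${path}/enforcement_ratio.txt    endtime:|${endtime}

*** Test Cases ***
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
    [Tags]    selfserver    SIP+DIP+URL
    # First case of the series also writes the report header.
    Verify Replace Enforcement Ratio    ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001    0.1    ${True}

ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
    [Tags]    selfserver    SIP+DIP+URL
    Verify Replace Enforcement Ratio    ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002    0.2

ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
    [Tags]    selfserver    SIP+DIP+URL
    Verify Replace Enforcement Ratio    ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003    0.3

ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
    [Tags]    selfserver    SIP+DIP+URL
    Verify Replace Enforcement Ratio    ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004    0.4

ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
    [Tags]    selfserver    SIP+DIP+URL
    # Uses its own case name, so its objects and policies are not labelled -00006.
    Verify Replace Enforcement Ratio    ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005    0.5

ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006
    [Tags]    selfserver    SIP+DIP+URL
    ${caseName}    set variable    ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00006
    # Create the destination IP object.
    Comment    创建目标IP
    ${objectDict}    Create Dictionary
    ...    objectType=ip
    ...    isValid=1
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_IPobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
    ${rescode}    ${objectId}    AddObject2    ${1}    ${objectDict}
    ${objectids}    set Variable    ${objectId}
    # Create the URL object.
    ${objectDict}    Create Dictionary
    ...    objectType=url
    ...    isValid=${1}
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_URLobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=open.node.com/action
    ${rescode}    ${object_URL_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_URL_Id}
    # Create the FQDN object.
    ${objectDict}    Create Dictionary
    ...    objectType=fqdn
    ...    isValid=${1}
    ...    objectSubType=${Default_ObjectSubType}
    ...    isInitialize=${Default_IsInitialize}
    ...    isExclusion=${Default_IsExclusion}
    ...    objectName=${caseName}_fqdnobject
    ...    objectDesc=${Default_ObjectDesc}
    ...    subObjectIds=${Default_SubObjectIds}
    ...    addItemList=$open.node.com
    ${rescode}    ${object_FQDN_Id}    AddObject2    ${1}    ${objectDict}
    ${objectids}    Catenate    SEPARATOR=,    ${objectids}    ${object_FQDN_Id}
    ${dynamic_bypass}    set variable    "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0}
    ${protocol_version}    set variable    "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1}
    ${certificate_checks}    set variable    "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"}
    ${requestbody}    set variable    {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]}
    #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}}
    ${data}    set variable    ${requestbody}
    ${response}    CreatePolicyFileNoFile    ${url}    ${data}
    ${decryption_profile}    Get From Dictionary    ${response}    profileId
    # Create the SSL intercept policy.
    Comment    创建拦截策略
    ${policyDict}    Create Dictionary
    ...    policyName=${caseName}
    ...    policyType=tsg_security
    ...    policyDesc=${caseName}
    ...    action=intercept
    ...    effectiveRange=${Default_EffectiveRange}
    #...    userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
    ...    userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}}
    ...    referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
    ...    isValid=1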
appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} # #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} #EditPolicy ${disablePolciy} Comment 功能端验证SSL验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... 
ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... ELSE Create List Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s :FOR ${n} IN RANGE 1000 SystemCommands ${commandstr} ${stringlist} END log endfor Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n Append To File ${path}/enforcement_ratio.txt 0.9访问1000次logsize:|${logsize} Append To File ${path}/enforcement_ratio.txt s:|${s} Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000010 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000010 Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip ... isValid=1 ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_IPobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} ${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${objectId} #创建url ${objectDict} Create Dictionary ... objectType=url ... 
isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=open.node.com/action ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$open.node.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... 
policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... 
scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} # #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} #EditPolicy ${disablePolciy} Comment 功能端验证SSL验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... 
ELSE Create List Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s :FOR ${n} IN RANGE 1000 SystemCommands ${commandstr} ${stringlist} END log endfor Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n Append To File ${path}/enforcement_ratio.txt 0.9999访问1000次logsize:|${logsize} Append To File ${path}/enforcement_ratio.txt s:|${s} Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000011 [Tags] selfserver SIP+DIP+URL ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000011 Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip ... isValid=1 ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_IPobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} ${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${objectId} #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... 
addItemList=open.node.com/action ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} #创建url ${objectDict} Create Dictionary ... objectType=fqdn ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_fqdnobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=$open.node.com ${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":0,"cert_pinning":0,"protocol_errors":0} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":0,"issuer":0,"self-signed":0,"expiration":0},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... 
userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0.5,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI ... isValid=1 ... appObjectIdArray=${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} Comment 创建带有比例的替换策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":1,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... 
scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} # #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} #EditPolicy ${disablePolciy} Comment 功能端验证SSL验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat ... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe #Send failure: Connection was reset Tango Secure Gateway CA ... 
ELSE Create List Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s :FOR ${n} IN RANGE 1000 SystemCommands ${commandstr} ${stringlist} END log endfor Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time ${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com log 22${logsize} ${logsize} Convert to String ${logsize} Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n Append To File ${path}/enforcement_ratio.txt 1访问1000次logsize:|${logsize} Append To File ${path}/enforcement_ratio.txt s:|${s} Append To File ${path}/enforcement_ratio.txt endtime:|${endtime} ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 [Tags] selfserver SIP+DIP+URL+ResHeader+ReqHeader ${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012 Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip ... isValid=1 ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_IPobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} ${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${objectId} #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... 
addItemList=open.node.com/action ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} #创建Resheader ${objectDict} Create Dictionary ... objectType=http_signature ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_http_signatureheaderobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Set-Cookie ${rescode} ${object_ResH_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResH_Id} #创建ReqHeader ${objectDict} Create Dictionary ... objectType=http_signature ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_http_signatureheaderobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... 
addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Cookie ${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id} ${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1} ${protocol_version} set variable "protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1} ${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"} ${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","profileDesc":"autotest_decryption_add","isValid":1,"decryption":{${dynamic_bypass},${certificate_checks},${protocol_version}}}]} #{"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"profileDesc":"autotest"}]}} ${data} set variable ${requestbody} ${response} CreatePolicyFileNoFile ${url} ${data} ${decryption_profile} Get From Dictionary ${response} profileId Comment 创建拦截策略 ${policyDict} Create Dictionary ... policyName=${caseName} ... policyType=tsg_security ... policyDesc=${caseName} ... action=intercept ... effectiveRange=${Default_EffectiveRange} #... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1} ... userRegion={"protocol":"SSL","keyring":1,"decryption":${decryption_profile},"decrypt_mirror":{"enable":0,"mirror_profile":null}} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR ... isValid=1 ... 
appObjectIdArray=${2},${3} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]} #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3]}} Comment 创建带有替换比例的策略"enforcement_ratio":0.9999 ${policyDict} Create Dictionary ... policyName=${caseName}_IPobject ... policyType=pxy_manipulation ... policyDesc=${caseName} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.111111,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} #默认客户端条件类型:clientip or clientsubid ${Default_Client_Type} #... 
userRegion="'method':'replace','rules':[{'search_in':'http_req_uri','find':'find','replace_with':'replace'}],'enforcement_ratio':0.1,'protocol':'HTTP'" ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} # #${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} #EditPolicy ${disablePolciy} Comment 功能端验证SSL验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat ... ELSE set variable curl -kv --cookie "JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find汉字 результатом манипуляций&setCookie=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action ${stringlist} run keyword if '${systemType}'=='Windows' Create List schannel #OpenSSL SSL_connect: Connection was reset in connection to #Send failure: Connection was reset ... ELSE Create List Tango Secure Gateway CA ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com ${logsize} Convert to String ${logsize} Append To File ${path}/enforcement_ratio.txt |-starttime:|${starttime}\r\n Append To File ${path}/enforcement_ratio.txt 0.111111访问1000次logsize:|${logsize} Append To File ${path}/enforcement_ratio.txt s:|${s} Append To File ${path}/enforcement_ratio.txt endtime:|${endtime}