*** Settings *** Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} Force Tags zjj tsg_proxy replace Library OperatingSystem Resource ../../02-Keyword/tsg_adc/SystemCommand.robot Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot Resource ../../03-Variable/PolicyObjectDefault.txt Resource ../../02-Keyword/tsg_common/StmpHandle.robot Resource ../../03-Variable/BifangApiVariable.txt Library Custometest Library json *** Variables *** ${policyIds} ${EMPTY} ${objectids} ${EMPTY} ${url} /policy/profile/responsepages ${profiledId} ${EMPTY} *** Test Cases *** ZJJ_ProxyPolicy-Replace-Uri-00001 [Tags] selfserver ${caseName} set variable ZJJ_ProxyPolicy-Replace-Uri-00001 # 创建对象-IP # addItemList全参数:(为方便说明,将参数值拆分为几部分,其实际值为单条无空格/回车字符串,每部分内代表的各参数不可跳跃。) # [addrType]|[protocol]|[direction]|[isSession]# 第一部分(可省略) # [clientIpFormat]|[clientIp1]|[clientIp2]|[clientPort1/clientPort2]& 第二部分(不可省略) # [serverIpFormat]|[serverIp1]|[serverIp2]|[serverPort1/serverPort2]| 第三部分(可省略) # [isInitialize]|[itemName]|[itemDesc], 第四部分(可省略) # ... Comment 创建目标IP ${objectDict} Create Dictionary ... objectType=ip ... isValid=1 ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_IPobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc} ${rescode} ${objectId} AddObject2 ${1} ${objectDict} ${objectids} set Variable ${objectId} #创建url ${objectDict} Create Dictionary ... objectType=url ... isValid=${1} ... objectSubType=${Default_ObjectSubType} ... isInitialize=${Default_IsInitialize} ... isExclusion=${Default_IsExclusion} ... objectName=${caseName}_URLobject ... objectDesc=${Default_ObjectDesc} ... subObjectIds=${Default_SubObjectIds} ... addItemList=open.node.com/action ${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict} ${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id} Comment 创建安全策略,针对所有协议,相当于BlackIP ${policyDict} Create Dictionary ... policyName=${caseName}_IPobject ... policyType=pxy_manipulation ... policyDesc=${Default_PolicyDesc} ... action=manipulation ... effectiveRange=${Default_EffectiveRange} ... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"} ... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL ... isValid=1 ... appObjectIdArray=${2} ... userTags=${Default_UserTags} ... doLog=${Default_DoLog} ... scheduleId=${Default_ScheduleId} #默认客户端条件类型:clientip or clientsubid ${Default_Client_Type} #... userRegion="'method':'replace','rules':[{'search_in':'http_req_uri','find':'find','replace_with':'replace'}],'enforcement_ratio':0.1,'protocol':'HTTP'" ${rescode} ${policyId} AddPolicy2 ${1} ${policyDict} ${s} Convert to String ${policyId} ${policyIds} Create List {"policyType":"pxy_manipulation","policyIds":[${policyId}]} #{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]} # ${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]} EditPolicy ${disablePolciy} Comment 功能端验证SSL验证 ${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/zjj/ZJJ_ProxyPolicy-Replace-Uri-00001.bat ... ELSE set variable curl -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=content-type&resBody=Response Body" https://open.node.com/action ${stringlist} run keyword if '${systemType}'=='Windows' Create List Connection was reset #OpenSSL SSL_connect: Connection was reset in connection to #Send failure: Connection was reset ... ELSE Create List OpenSSL SSL_connect: Connection reset by peer in connection to ${starttime} Get Time Sleep ${policyVerificationSleepSeconds}s ${rescode} SystemCommands ${commandstr} ${stringlist} Sleep ${policyLogVerificationSleepSeconds}s ${endtime} Get Time #日志验证 GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com #{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"pxy_manipulation","action":"manipulation","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"阿斯蒂","effectiveRange":{"tag_sets":[[]]},"userRegion":{"method":"replace","rules":[{"search_in":"http_req_uri","find":"find","replace_with":"replace"}],"protocol":"HTTP"},"isValid":0,"scheduleId":[],"appObjectIdArray":[2],"referenceObject":[{"objectId":10103,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]},{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}}