gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
1f7ca19b43b2f70ed12f478f6d117ff6e1af9ebd
dongxiaoyan-tsg-autotest/01-TestCase/zjj/ZJJ_ProxyPolicy-Replace.robot

730 lines
47 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

*** Settings ***
Test Teardown DeletePolicyAndObject ${policyIds} ${objectids}
Force Tags zjj tsg_proxy replace
Library OperatingSystem
Resource ../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../03-Variable/PolicyObjectDefault.txt
Resource ../../02-Keyword/tsg_common/StmpHandle.robot
Resource ../../03-Variable/BifangApiVariable.txt
Library Custometest
Library json
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
${url} /policy/profile/responsepages
${profiledId} ${EMPTY}
*** Test Cases ***
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00001
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.0001,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00003
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00004
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9999,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
[Tags] selfserver SIP+DIP+URL
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00005
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建url
${objectDict} Create Dictionary
... objectType=fqdn
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_fqdnobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=$open.node.com
${rescode} ${object_FQDN_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_FQDN_Id}
#${dynamic_bypass} set variable "dynamic_bypass":{"ev_cert":1,"cert_transparency":1,"mutual_authentication":1,"cert_pinning":1,"protocol_errors":1}
#${protocol_version} set variable "protocol_version":{"min":"","max":"","mirror_client":1,"allow_http2":1}
#${certificate_checks} set variable "certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"fail-close"}
#${requestbody} set variable {"opAction":"add","returnData":1,"list":[{"profileName":"autotest_decryption_add","decryption":{${dynamic_bypass},${protocol_version},${certificate_checks}},"isValid":1,"isInitialize":0,"profileDesc":""}]}
#${data} Create List ${requestbody}
#${response} CreatePolicyFileNoFile ${url} ${data}
#${mirror_profile} Get From Dictionary ${response} profileId
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":0.5,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
#... userRegion={"protocol":"SSL","keyring":123,"decryption",1,"decrypt_mirror":{"enable":1,"mirror_profile":${mirror_profile}}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_FQDN_Id}|TSG_FIELD_SSL_SNI
... isValid=1
... appObjectIdArray=${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${securitypolicyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]}
Comment 创建带有比例的替换策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=pxy_manipulation
... policyDesc=${Default_PolicyDesc}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.9,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${securitypolicyId}]} {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00001.bat
... ELSE set variable curl -kv -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find&setCookie=set-cookie&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA
#OpenSSL SSL_connect: Connection was reset in connection toX-TG-Construct-By: tfe
#Send failure: Connection was reset Tango Secure Gateway CA
... ELSE Create List Tango Secure Gateway CA
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
:FOR ${n} IN RANGE 1000
SystemCommands ${commandstr} ${stringlist}
END
log endfor
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
${logsize} GetLogCount proxy_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
log 22${logsize}
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
#TestLogSize
#日志验证security_event_log
#GetLogListSize proxy_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
#${logsize} GetLogListSize security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
#log 11${logsize}
#${logsize} GetLogCount security_event_log 2020-04-28 09:40:00 2020-04-28 10:00:00 192.168.50.6 4837 ssl_sni httpdns.n.netease.co
#log 22${logsize}
ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-000012
[Tags] selfserver SIP+DIP+URL+ResHeader+ReqHeader
${caseName} set variable ZJJ_ProxyPolicy-Replace-ResbodyReqbocy-00002
Comment 创建目标IP
${objectDict} Create Dictionary
... objectType=ip
... isValid=1
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_IPobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=CIDR|192.168.100.5|32|0/0&${Default_AddItem_ServerIpFormat}|${Default_AddItem_ServerIp1}|${Default_AddItem_ServerIp2}|${Default_AddItem_ServerPort}|${Default_AddItem_IsInitialize}|${Default_AddItem_ItemName}|${Default_AddItem_ItemDesc}
${rescode} ${objectId} AddObject2 ${1} ${objectDict}
${objectids} set Variable ${objectId}
#创建url
${objectDict} Create Dictionary
... objectType=url
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_URLobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=open.node.com/action
${rescode} ${object_URL_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_URL_Id}
#创建Resheader
${objectDict} Create Dictionary
... objectType=http_signature
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_http_signatureheaderobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Set-Cookie
${rescode} ${object_ResH_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ResH_Id}
#创建ReqHeader
${objectDict} Create Dictionary
... objectType=http_signature
... isValid=${1}
... objectSubType=${Default_ObjectSubType}
... isInitialize=${Default_IsInitialize}
... isExclusion=${Default_IsExclusion}
... objectName=${caseName}_http_signatureheaderobject
... objectDesc=${Default_ObjectDesc}
... subObjectIds=${Default_SubObjectIds}
... addItemList=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725|Cookie
${rescode} ${object_ReqH_Id} AddObject2 ${1} ${objectDict}
${objectids} Catenate SEPARATOR=, ${objectids} ${object_ReqH_Id}
Comment 创建拦截策略
${policyDict} Create Dictionary
... policyName=${caseName}
... policyType=tsg_security
... policyDesc=${caseName}
... action=intercept
... effectiveRange=${Default_EffectiveRange}
... userRegion={"protocol":"SSL","protocol_version":{"allow_http2":1,"min":"ssl3","max":"tls13","mirror_client":1},"dynamic_bypass":{"mutual_authentication":1,"cert_pinning":1,"cert_transparency":0,"protocol_errors":1,"ev_cert":0},"decrypt_mirror":{"enable":0},"certificate_checks":{"fail_action":"pass-through","approach":{"self-signed":1,"expiration":1,"cn":1,"issuer":1}},"keyring":1}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR
... isValid=1
... appObjectIdArray=${2},${3}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${policyIds} Create List {"policyType":"tsg_security","policyIds":[${policyId}]}
#{"opAction":"add","policyList":{"policyId":"","policyName":"dxytest","policyType":"tsg_security","action":"intercept","userTags":"","doBlacklist":0,"doLog":1,"policyDesc":"","effectiveRange":{"tag_sets":[[]]},"userRegion":{"protocol":"SSL","keyring":1,"dynamic_bypass":{"ev_cert":0,"cert_transparency":0,"mutual_authentication":1,"protocol_errors":1,"cert_pinning":1},"certificate_checks":{"approach":{"cn":1,"issuer":1,"self-signed":1,"expiration":1},"fail_action":"pass-through"},"protocol_version":{"min":"ssl3","max":"tls13","mirror_client":1,"allow_http2":1},"decrypt_mirror":{"enable":0,"mirror_profile":null}},"referenceObject":[{"objectId":112,"protocolFields":["TSG_SECURITY_SOURCE_ADDR"]},{"objectId":8337,"protocolFields":["TSG_SECURITY_DESTINATION_ADDR"]}],"isValid":0,"scheduleId":[],"appObjectIdArray":[2,3]}}
Comment 创建带有替换比例的策略"enforcement_ratio":0.9999
${policyDict} Create Dictionary
... policyName=${caseName}_IPobject
... policyType=pxy_manipulation
... policyDesc=${caseName}
... action=manipulation
... effectiveRange=${Default_EffectiveRange}
... userRegion={"method":"replace","rules":[{"search_in":"http_req_body","find":"find汉字 результатом манипуляций","replace_with":"replace"},{"search_in":"http_res_body","find":"replace","replace_with":"replacetest"}],"enforcement_ratio":0.1,"protocol":"HTTP"}
... referenceObject=${objectId}|TSG_SECURITY_DESTINATION_ADDR,${object_URL_Id}|TSG_FIELD_HTTP_URL,${object_ReqH_Id}|TSG_FIELD_HTTP_REQ_HDR,${object_ResH_Id}|TSG_FIELD_HTTP_RES_HDR
... isValid=1
... appObjectIdArray=${2}
... userTags=${Default_UserTags}
... doLog=${Default_DoLog}
... scheduleId=${Default_ScheduleId}
#默认客户端条件类型clientip or clientsubid ${Default_Client_Type}
#... userRegion="'method':'replace','rules':[{'search_in':'http_req_uri','find':'find','replace_with':'replace'}],'enforcement_ratio':0.1,'protocol':'HTTP'"
${rescode} ${policyId} AddPolicy2 ${1} ${policyDict}
${s} Convert to String ${policyId}
${policyIds} Create List {"policyType":"pxy_manipulation","policyIds":[${policyId}]}
#{"objectId":5668,"protocolFields":["TSG_FIELD_HTTP_HOST"]},{"objectId":7732,"protocolFields":["TSG_FIELD_HTTP_URL"]}]}
#
#${disablePolciy} set variable {"opAction":"enable","policyList":[{"policyType":"pxy_manipulation","policyId":[${policyId}]}]}
#EditPolicy ${disablePolciy}
Comment 功能端验证SSL验证
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${path}/zjj/ZJJ_ProxyPolicy-Replace-00002.bat
... ELSE set variable curl -kv --cookie "JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725" -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "reqBody=find汉字 результатом манипуляций&setCookie=JSESSIONID=976F28F6C1A5B803B0CDF5FF3E1D2725&contentType=text/html;charset=UTF-8&resBody=Response Body" https://open.node.com/action
${stringlist} run keyword if '${systemType}'=='Windows' Create List Tango Secure Gateway CA replacetest
#OpenSSL SSL_connect: Connection was reset in connection to
#Send failure: Connection was reset
... ELSE Create List Tango Secure Gateway CA replacetest
${starttime} Get Time
Sleep ${policyVerificationSleepSeconds}s
${rescode} SystemCommands ${commandstr} ${stringlist}
Sleep ${policyLogVerificationSleepSeconds}s
${endtime} Get Time
#日志验证
GetLogList security_event_log ${starttime} ${endtime} ${testClentIP} ${s} ssl_sni open.node.com
${logsize} Convert to String ${logsize}
Append To File ${path}/enforcement_ratio.txt ${starttime}
Append To File ${path}/enforcement_ratio.txt ${logsize}
Append To File ${path}/enforcement_ratio.txt ${s}
Append To File ${path}/enforcement_ratio.txt ${endtime}
Reference in New Issue View Git Blame Copy Permalink