713 lines
51 KiB
Plaintext
713 lines
51 KiB
Plaintext
*** Settings ***
|
||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids} policyids1=${policyIds1} url=${url} profiledId=${profiledId}
|
||
Force Tags tsg_adc tsg_security
|
||
Library OperatingSystem
|
||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||
Resource ../../../03-Variable/ApplicationID.txt
|
||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||
|
||
|
||
*** Variables ***
|
||
${policyIds} ${EMPTY}
|
||
${objectids} ${EMPTY}
|
||
${url} /v1/policy/profile/hijackfiles
|
||
${profiledId} ${EMPTY}
|
||
|
||
*** Test Cases ***
|
||
ProxyPolicy-Hijack-00001
|
||
[Tags] Hijack IP HTTP URL
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=or.tv/news isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test.apk hijack {"isValid":1,"contentType":"application/vnd.android.package-archive","opAction":"add","profileName":"test1","contentName":"Create-Hijack Files-test.apk","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "vator.tv/news"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00001.bat
|
||
... ELSE set variable curl -kv https://vator.tv/news
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00001.bat
|
||
... ELSE set variable curl -kv https://vator.tv/news
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075 Tango Secure Gateway CA
|
||
... ELSE Create List 6b72:f91d:6f81:bfcd:5b0f:e81d:f827:e075 Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host vator.tv
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
|
||
ProxyPolicy-Hijack-00002
|
||
[Tags] Hijack IP HTTP URL Host
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=www.lexus.ru isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建fqdn
|
||
${addItemList1} Create Dictionary keywordArray=$www.lexus.ru isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.lexus.ru/"}
|
||
${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.lexus.ru"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${fqdn}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00003.bat
|
||
... ELSE set variable curl -kv https://www.lexus.ru/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac Tango Secure Gateway CA
|
||
... ELSE Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.lexus.ru
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
ProxyPolicy-Hijack-00003
|
||
[Tags] Hijack IP HTTP URL User-Agent
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=channel/dianying/ isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment User-Agent
|
||
${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.ixigua.com/channel/dianying/"}
|
||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0","district": "User-Agent"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ua}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00005.bat
|
||
... ELSE set variable ${curlbatpath}/command/ProxyPolicy_hijack_00005_L.bat
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Files-test-5.png Tango Secure Gateway CA
|
||
... ELSE Create List Files-test-5.png Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.ixigua.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
ProxyPolicy-Hijack-00004
|
||
[Tags] Hijack IP HTTP URL Content-Type
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=/eng/start/ isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment Content-Type
|
||
${addItemList1} Create Dictionary keywordArray=text* isHexbin=${0} district=Content-Type
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-1.exe hijack {"isValid":1,"contentType":"application/x-msdos-program","opAction":"add","profileName":"test2","contentName":"Create-Hijack Files-test-1.exe","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.airwargame.com/eng/start/"}
|
||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "text","district": "Content-Type"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00011.bat
|
||
... ELSE set variable curl http://www.airwargame.com/eng/start/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac
|
||
... ELSE Create List b76f:a340:7b1f:f4d0:27f3:8f0e:2db0:2bac
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.airwargame.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
|
||
ProxyPolicy-Hijack-00005
|
||
[Tags] Hijack IP HTTP URL Cookie
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=corporates/ isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment Cookie
|
||
${addItemList1} Create Dictionary keywordArray=saltkey isHexbin=${0} district=Cookie
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-5.png hijack {"isValid":1,"contentType":"image/png","opAction":"add","profileName":"test4","contentName":"Create-Hijack Files-test-5.png","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.reval.com/corporates/"}
|
||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "saltkey","district": "Cookie"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${req_hdr_ck}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012.bat
|
||
... ELSE set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012_L.bat
|
||
sleep 3
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012.bat
|
||
... ELSE set variable ${curlbatpath}/command/ProxyPolicy_hijack_00012_L.bat
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List bFiles-test-5.png Tango Secure Gateway CA
|
||
... ELSE Create List bFiles-test-5.png Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.reval.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
ProxyPolicy-Hijack-00006
|
||
[Tags] Hijack IP HTTP URL Set-Cookie
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=nsscreencast isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment Set-Cookie
|
||
${addItemList1} Create Dictionary keywordArray=_nsscreencast_session_ isHexbin=${0} district=Set-Cookie
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "nsscreencast.com/episodes"}
|
||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "_nsscreencast_session_","district": "Set-Cookie"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00013.bat
|
||
... ELSE set variable curl -kv https://nsscreencast.com/episodes
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_hijack_00013.bat
|
||
... ELSE set variable curl -kv https://nsscreencast.com/episodes
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA
|
||
... ELSE Create List test-4.jpeg Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host nsscreencast.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
ProxyPolicy-Hijack-00007
|
||
[Tags] Hijack IP HTTP 最大组合1
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建fqdn
|
||
${addItemList1} Create Dictionary keywordArray=*intervalworld.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment Cookie
|
||
${addItemList1} Create Dictionary keywordArray=__stripe_sid isHexbin=${0} district=Cookie
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId3} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||
|
||
Comment Set-Cookie
|
||
${addItemList1} Create Dictionary keywordArray=Domain=.intervalworld.com isHexbin=${0} district=Set-Cookie
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId4} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com"}
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"}
|
||
${req_hdr_ck} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "__stripe_sidafdsvxvx","district": "Cookie"}
|
||
${res_hdr_sc} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "Domain=.intervalworld.com","district": "Set-Cookie"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_sc} ${fqdn} ${req_hdr_ck}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat
|
||
... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA
|
||
... ELSE Create List test-4.jpeg Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
ProxyPolicy-Hijack-00008
|
||
[Tags] Hijack IP HTTP 最大组合2
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建fqdn
|
||
${addItemList1} Create Dictionary keywordArray=*intervalworld.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建url
|
||
${addItemList1} Create Dictionary keywordArray=intervalworld.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment User-Agent
|
||
${addItemList1} Create Dictionary keywordArray=Mozilla/5.0* isHexbin=${0} district=User-Agent
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId3} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||
|
||
Comment Content-Type
|
||
${addItemList1} Create Dictionary keywordArray=charset isHexbin=${0} district=Content-Type
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=http_signature objectSubType=http_signature isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId4} AddObjects ${1} ${objectDict}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId4}
|
||
|
||
Comment 创建hijack文件
|
||
${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-Hijack Files-test-4.jpeg hijack {"isValid":1,"contentType":"image/jpeg","opAction":"add","profileName":"test5","contentName":"Create-Hijack Files-test-4.jpeg","profileId":null,"returnData":1}
|
||
${profiledId} Get From Dictionary ${response} profileId
|
||
|
||
Comment 创建Intercept策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security policyDesc=autotest action=intercept source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
|
||
Comment 创建Hijack策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=pxy_manipulation policyDesc=autotest action=manipulation source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_HOST,${objectId2}|TSG_FIELD_HTTP_URL,${objectId3}|TSG_FIELD_HTTP_REQ_HDR,${objectId4}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=${HTTP_ID}
|
||
log ${policyDict}
|
||
${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2
|
||
${policyIds1} set Variable ${policyId1}[0][policyIds][0]
|
||
|
||
|
||
${starttime} Get Time
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${fqdn} Create Dictionary attributeType=string attributeName=host appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com"}
|
||
${url1} Create Dictionary attributeType=string attributeName=url appId=67 appName=http protocol=http attributeValue={"string": "www.intervalworld.com/web/my/home"}
|
||
${res_hdr_ct} Create Dictionary attributeType=signature attributeName=res_hdr appId=67 appName=http protocol=http attributeValue={"string": "charset=text","district": "Content-Type"}
|
||
${req_hdr_ua} Create Dictionary attributeType=signature attributeName=req_hdr appId=67 appName=http protocol=http attributeValue={"string": "Mozilla/5.0fsfwhh","district": "User-Agent"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "67"}
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url1} ${res_hdr_ct} ${fqdn} ${req_hdr_ua}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${policyIds1} ${objectid_verify}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/ProxyPolicy_insert_00014.bat
|
||
... ELSE set variable curl -kv \ --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36" \ --cookie "__cfduid=d5c21129d57e7124b729fd86dc82abdcd1596020306; __stripe_sid=2940d4d5-6822-4daf-8b38-9cd18d745beb; __stripe_mid=dd118cd8-845c-4b6e-98ce-81e8d5bdd52c" --referer 'https://www.baidu.com/' \ https://www.intervalworld.com/web/my/home
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List test-4.jpeg Tango Secure Gateway CA
|
||
... ELSE Create List test-4.jpeg Tango Secure Gateway CA
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds1}
|
||
${returnvalue} GetLogList_new proxy_event_log ${starttime} ${testClentIP} ${s} http_host www.intervalworld.com
|
||
Should Be Equal As Strings ${returnvalue} true |