gfwleak/dongxiaoyan-tsg-autotest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
6bf28973ab1be1fa4751f8f3ea0a5c202c417e89
dongxiaoyan-tsg-autotest/01-TestCase/tsg_adc/api_security/DenyFtpTests.robot

349 lines
21 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

*** Settings ***
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
Force Tags tsg_adc tsg_security
Library OperatingSystem
Library Custometest
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
Resource ../../../03-Variable/ApplicationID.txt
Resource ../../../03-Variable/BifangApiVariable.txt
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
*** Variables ***
${policyIds} ${EMPTY}
${objectids} ${EMPTY}
*** Test Cases ***
SecurityPolicy-Deny-FTP-00001
[Tags] Deny IP FTP
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account FTP
Should Be Equal As Strings ${returnvalue} true
SecurityPolicy-Deny-FTP-00002
[Tags] Deny IP FTP Account URI Content
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Account
${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建URI
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
Comment 创建Content
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT,${objectId3}|TSG_FIELD_FTP_CONTENT,${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url} ${Content} ${Account}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true
SecurityPolicy-Deny-FTP-00003
[Tags] Deny IP FTP Account
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Account
${addItemList1} Create Dictionary keywordArray=*user isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${Account} Create Dictionary attributeType=string attributeName=account appId=45 appName=ftp protocol=http attributeValue={"string": "ftpuser"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Account}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
SecurityPolicy-Deny-FTP-00004
[Tags] Deny IP FTP URI
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建URI
${addItemList1} Create Dictionary keywordArray=*123456.txt isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId2}|TSG_FIELD_FTP_URI isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${url} Create Dictionary attributeType=string attributeName=url appId=45 appName=ftp protocol=ftp attributeValue={"string": "192.168.40.158/123456.txt"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${url}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true
SecurityPolicy-Deny-FTP-00005
[Tags] Deny IP FTP Content
Comment 创建IP
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
${addItemLists} Create list ${addItemList1}
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId} AddObjects ${1} ${objectDict}
${objectids} set Variable ${objectId}
Comment 创建Content
${addItemList1} Create Dictionary keywordArray=*qwertyuiop isHexbin=${0}
${addItemLists} Create list ${addItemList1}
${objectDict1} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists}
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
Comment 创建Deny策略
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=deny source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"FTP","method":"drop"} filterList=${objectId1}|TSG_FIELD_FTP_CONTENT isValid=${1} appIdObjects=${FTP_ID}
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
${policyIds} set Variable ${policyId}[0][policyIds][0]
${starttime} Get Time
#功能端验证
Sleep ${policyVerificationSleepSeconds}s
Comment 策略验证
#新增策略验证
#创建attributes中的字典
${Content} Create Dictionary attributeType=string attributeName=content appId=45 appName=ftp protocol=http attributeValue={"string": "123456789qwertyuiop"}
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "45"}
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip": "${testClentIP}","port": "80","tableName": "TSG_SECURITY_SOURCE_ADDR","addrType": 4,"protocol": "6"}
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "192.168.40.158","port": "80","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"}
# 合成attributes字典集
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${Content}
${verifySession} Create Dictionary attributes=${attributes}
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
log ${verifyList}
${rescode} ${resData} VerifyPolicies ${verifyList}
# 打印检查结果
${objectid_verify} Set Variable ${objectids}
${objectid_verify} Catenate SEPARATOR=, ${policyIds}
# # 调用关键字 提取应答json获取其中所有的id值并判断新下发的id值是否在应答json的id中
log ${objectid_verify}
${testType} Evaluate type($objectid_verify)
${testType} Evaluate type($resData)
log ${resData}
sleep 5
${ok} VerifyProxy ${resData} ${objectid_verify}
Should Be Equal As Strings ${ok} true
Comment 功能端验证
${FTP} FTP_login ftp://192.168.40.158/123456.txt -u ftpuser:111111 123456789qwertyuiop
# should contain ${FTP} ftp_fail
run keyword if '${systemType}'=='Windows' should contain ${FTP} ftp_fail
... ELSE should contain ${FTP} Fail
Comment 日志验证
#日志验证
${s} Convert to String ${policyIds}
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ftp_account ftpuser
Should Be Equal As Strings ${returnvalue} true
Reference in New Issue View Git Blame Copy Permalink