356 lines
22 KiB
Plaintext
356 lines
22 KiB
Plaintext
*** Settings ***
|
||
Test Teardown DeletePolicyAndObjectAndApplicationAndSignature ${policyIds} ${objectids}
|
||
Force Tags tsg_adc tsg_security
|
||
Library OperatingSystem
|
||
Library Selenium2Library
|
||
Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot
|
||
Resource ../../../02-Keyword/tsg_adc/FileOperation.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot
|
||
Resource ../../../03-Variable/ApplicationID.txt
|
||
Resource ../../../03-Variable/BifangApiVariable.txt
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/Application.robot
|
||
Resource ../../../02-Keyword/tsg_bfapi/policy_object/ProcessPolicyBody.robot
|
||
Library ../../../04-CustomLibrary/Library/VerifyPolicy.py
|
||
*** Variables ***
|
||
${policyIds} ${EMPTY}
|
||
${objectids} ${EMPTY}
|
||
|
||
*** Test Cases ***
|
||
SecurityPolicy-Monitor-SSL-00001
|
||
[Tags] Monitor IP SSL SNI SAN CN
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建SNI
|
||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建CN
|
||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建SAN
|
||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||
|
||
Comment 创建Monitor策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId3}|TSG_FIELD_SSL_SAN,${objectId1}|TSG_FIELD_SSL_SNI,${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||
${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||
${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni} ${cn} ${san}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat
|
||
... ELSE set variable curl https://www.academia.org/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia
|
||
... ELSE Create List Accuracy In Academia
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.academia.org
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
SecurityPolicy-Monitor-SSL-00002
|
||
[Tags] Monitor IP SSL SNI
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建SNI
|
||
${addItemList1} Create Dictionary keywordArray=*freecountry.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId1} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1}
|
||
|
||
Comment 创建Monitor策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId1}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${sni} Create Dictionary attributeType=string attributeName=sni appId=199 appName=ssl protocol=ssl attributeValue={"string": "freecountry.com"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${sni}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00001_1.bat
|
||
... ELSE set variable curl \ https://freecountry.com/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Jackets
|
||
... ELSE Create List Jackets
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni freecountry.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
SecurityPolicy-Monitor-SSL-00003
|
||
[Tags] Monitor IP SSL CN
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
|
||
Comment 创建CN
|
||
${addItemList1} Create Dictionary keywordArray=*keysnews.com isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId2} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId2}
|
||
|
||
Comment 创建Monitor策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId2}|TSG_FIELD_SSL_CN isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${cn} Create Dictionary attributeType=string attributeName=cn appId=199 appName=ssl protocol=ssl attributeValue={"string": "keysnews.com"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${cn}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00002.bat
|
||
... ELSE set variable curl https://www.keysnews.com/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List keysnews.com
|
||
... ELSE Create List keysnews.com
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.keysnews.com
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
SecurityPolicy-Monitor-SSL-00004
|
||
[Tags] Monitor IP SSL SAN
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
Comment 创建SAN
|
||
${addItemList1} Create Dictionary keywordArray=*academia.org isHexbin=${0}
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict1} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId3} AddObjects ${1} ${objectDict1}
|
||
${objectids} Catenate SEPARATOR=, ${objectids} ${objectId3}
|
||
|
||
Comment 创建Monitor策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} filterList=${objectId3}|TSG_FIELD_SSL_SAN isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${san} Create Dictionary attributeType=string attributeName=san appId=199 appName=ssl protocol=ssl attributeValue={"string": "academia.org"}
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination} ${san}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat
|
||
... ELSE set variable curl https://www.academia.org/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia
|
||
... ELSE Create List Accuracy In Academia
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni www.academia.org
|
||
Should Be Equal As Strings ${returnvalue} true
|
||
|
||
SecurityPolicy-Monitor-SSL-00005
|
||
[Tags] Monitor IP SSL
|
||
Comment 创建IP
|
||
${addItemList1} Create Dictionary isSession=endpoint ip=${testClentIP} port=0-65535 direction=0 protocol=0 isInitialize=0
|
||
${addItemLists} Create list ${addItemList1}
|
||
${objectDict} Create Dictionary objectType=ip objectSubType=endpoint isValid=${1} addItemList=${addItemLists}
|
||
${rescode} ${objectId} AddObjects ${1} ${objectDict}
|
||
${objectids} set Variable ${objectId}
|
||
|
||
|
||
Comment 创建Monitor策略
|
||
${policyDict} Create Dictionary policyName=${TEST NAME} policyType=tsg_security action=monitor source=${objectId}|TSG_SECURITY_SOURCE_ADDR userRegion={"protocol":"SSL"} isValid=${1} appIdObjects=${SSL_ID}
|
||
${rescode} ${policyId} AddPolicies 1 ${policyDict} v2
|
||
${policyIds} set Variable ${policyId}[0][policyIds][0]
|
||
|
||
${starttime} Get Time
|
||
#功能端验证
|
||
Sleep ${policyVerificationSleepSeconds}s
|
||
|
||
Comment 策略验证
|
||
#新增策略验证
|
||
#创建attributes中的字典
|
||
${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "199"}
|
||
|
||
${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"}
|
||
${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"}
|
||
# 合成attributes字典集
|
||
${attributes} Create List ${app_id} ${ipsource} ${ipdestination}
|
||
${verifySession} Create Dictionary attributes=${attributes}
|
||
${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession}
|
||
log ${verifyList}
|
||
${rescode} ${resData} VerifyPolicies ${verifyList}
|
||
# 打印检查结果
|
||
${objectid_verify} Set Variable ${objectids}
|
||
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyIds}
|
||
# # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中
|
||
log ${objectid_verify}
|
||
${testType} Evaluate type($objectid_verify)
|
||
${testType} Evaluate type($resData)
|
||
log ${resData}
|
||
sleep 5
|
||
${ok} VerifyProxy ${resData} ${objectid_verify}
|
||
Should Be Equal As Strings ${ok} true
|
||
|
||
|
||
Comment 功能端验证HTTP验证
|
||
${commandstr} run keyword if '${systemType}'=='Windows' set variable ${curlbatpath}/command/SecurityPolicy_Monitor_SSL_00003.bat
|
||
... ELSE set variable curl https://www.academia.org/
|
||
${stringlist} run keyword if '${systemType}'=='Windows' Create List Accuracy In Academia
|
||
... ELSE Create List Accuracy In Academia
|
||
${rescode} SystemCommands ${commandstr} ${stringlist}
|
||
|
||
Comment 日志验证
|
||
#日志验证
|
||
${s} Convert to String ${policyIds}
|
||
${returnvalue} GetLogList_new security_event_log ${starttime} ${testClentIP} ${s} ssl_sni SSL
|
||
Should Be Equal As Strings ${returnvalue} true |