diff options
| author | zxm06 <[email protected]> | 2022-05-18 11:35:24 +0800 |
|---|---|---|
| committer | zxm06 <[email protected]> | 2022-05-18 11:35:24 +0800 |
| commit | 5ace33121ebf52b0bb94bf41da91abddc4e53b92 (patch) | |
| tree | 467804a402adfd5504c2826b72f8a3dd900dceb7 | |
| parent | 55607b956f44199efa10b3ec3d2b235f4e707150 (diff) | |
提交安全策略id优先级用例
37 files changed, 900 insertions, 291 deletions
diff --git a/case/multi_step/b_ballow_ssl_tests_verify.robot b/case/multi_step/b_ballow_ssl_tests_verify.robot index 25b9f42..037ba68 100644 --- a/case/multi_step/b_ballow_ssl_tests_verify.robot +++ b/case/multi_step/b_ballow_ssl_tests_verify.robot @@ -2,7 +2,6 @@ Force Tags tsg_adc_wp tsg_bf_api Trusted_Certificate_Authorities Library String Library OperatingSystem -Library Selenium2Library Library Collections Library json Library DateTime diff --git a/case/multi_step/b_edeny_dns_tests_verify.robot b/case/multi_step/b_edeny_dns_tests_verify.robot index 37c97e7..09d6cb7 100644 --- a/case/multi_step/b_edeny_dns_tests_verify.robot +++ b/case/multi_step/b_edeny_dns_tests_verify.robot @@ -29,7 +29,7 @@ security_policy_deny_dns_00001 ${apn_id} Create Dictionary attributeType=string attributeName=apn appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "hahauawei.org"} ${qname_fqdn_id1} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.facebook.com"} ${qname_fqdn_id2} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "rutube.ru"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}" } + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 @@ -54,7 +54,7 @@ security_policy_deny_dns_00002 ${phone_number_id} Create Dictionary attributeType=string attributeName=phone_number appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "1384487111111"} ${apn_id} Create Dictionary attributeType=string attributeName=apn appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "huawei.com"} ${qname_fqdn_id} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.arctictrucks.ru"} - ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}" } + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip": "252.252.252.252","port": "443","tableName": "TSG_SECURITY_DESTINATION_ADDR","addrType": 4,"protocol": "6"} # 合成attributes字典集 diff --git a/case/policies/proxy/http.robot b/case/policies/proxy/http.robot index b97d529..c4a6004 100644 --- a/case/policies/proxy/http.robot +++ b/case/policies/proxy/http.robot @@ -100,14 +100,10 @@ deny-resheader-substring [Tags] SingleFilter ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/proxy/http/proxy-http-deny-resheader-substring-data.yaml ${TEST NAME} - - deny-reqbody-substring [Tags] SingleFilter ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/proxy/http/proxy-http-deny-reqbody-substring-data.yaml ${TEST NAME} - - deny-resbody-substring [Tags] SingleFilter ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/proxy/http/proxy-http-deny-resbody-substring-data.yaml ${TEST NAME} diff --git a/case/policies/security/ftp.robot b/case/policies/security/ftp.robot index 6ef3ff0..afadf42 100644 --- a/case/policies/security/ftp.robot +++ b/case/policies/security/ftp.robot @@ -46,8 +46,6 @@ deny-uri-substring deny-uri-exactly [Tags] Reset Tamper RateLimit ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ftp/security-ftp-deny-uri-exactly-data.yaml ${TEST NAME} - - deny-content-suffix [Tags] Reset Tamper RateLimit diff --git a/case/policies/security/priority/security_dns_priority_tests.robot b/case/policies/security/priority/security_dns_priority_tests.robot new file mode 100644 index 0000000..ec67669 --- /dev/null +++ b/case/policies/security/priority/security_dns_priority_tests.robot @@ -0,0 +1,163 @@ +*** Settings *** +Test Setup LoginAndAddLocalIP +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} ${categoryIds} +Force Tags tsg_adc_wp adc_api security_policy +Library OperatingSystem +Resource ../../../../keyword/common/systemcommand.robot +# Resource ../../keyword/common/log_variable.robot +Resource ../../../../keyword/common/file_operation.robot +Resource ../../../../keyword/objects/object.robot +Resource ../../../../keyword/policys/policy.robot +Resource ../../../../keyword/common/login_logout_switch.robot +Library ../../../../customlib/verify_policy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${categoryIds} ${EMPTY} + +*** Test Cases *** + +security_policy_deny_dns_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.youtube.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_dns_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny doLog=1 userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_dns_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny doLog=1 userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup www.youtube.com -timeout=1 commandRes=connection timed out logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_dns_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*ngrinews.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_dns_idPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} doLog=1 filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_dns_idPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} doLog=1 filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "ngrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup tengrinews.kz commandRes=tengrinews.kz logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + + diff --git a/case/policies/security/priority/security_ftp_priority_tests.robot b/case/policies/security/priority/security_ftp_priority_tests.robot new file mode 100644 index 0000000..21dfeb3 --- /dev/null +++ b/case/policies/security/priority/security_ftp_priority_tests.robot @@ -0,0 +1,158 @@ +*** Settings *** +Test Setup LoginAndAddLocalIP +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} ${categoryIds} +Force Tags tsg_adc_wp adc_api security_policy +Library OperatingSystem +Resource ../../../../keyword/common/systemcommand.robot +# Resource ../../keyword/common/log_variable.robot +Resource ../../../../keyword/common/file_operation.robot +Resource ../../../../keyword/objects/object.robot +Resource ../../../../keyword/policys/policy.robot +Resource ../../../../keyword/common/login_logout_switch.robot +Library ../../../../customlib/verify_policy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${categoryIds} ${EMPTY} + +*** Test Cases *** +security_policy_deny_ftp_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=ftpu* isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_ftp_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_ftp_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_ftp_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=ftpuser isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ftp_idPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ftp_idPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=autotest logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + + diff --git a/case/policies/security/priority/security_http_priority_tests.robot b/case/policies/security/priority/security_http_priority_tests.robot new file mode 100644 index 0000000..aeb5ee8 --- /dev/null +++ b/case/policies/security/priority/security_http_priority_tests.robot @@ -0,0 +1,303 @@ +*** Settings *** +Test Setup LoginAndAddLocalIP +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} ${categoryIds} +Force Tags tsg_adc_wp adc_api security_policy +Library OperatingSystem +Resource ../../../../keyword/common/systemcommand.robot +# Resource ../../keyword/common/log_variable.robot +Resource ../../../../keyword/common/file_operation.robot +Resource ../../../../keyword/objects/object.robot +Resource ../../../../keyword/policys/policy.robot +Resource ../../../../keyword/common/login_logout_switch.robot +Library ../../../../customlib/verify_policy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${categoryIds} ${EMPTY} + +*** Test Cases *** +security_policy_allow_http_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$scoutbahamas.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_allow_http_idPriority_00001 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_allow_http_idPriority_00002 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "scoutbahamas.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://scoutbahamas.org/ commandRes=ScoutBahamas logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=scoutbahamas.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_http_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$by.841k.cn isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_http_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_http_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "by.841k.cn"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 http://by.841k.cn/home/user/index.html commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=by.841k.cn + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_http_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*w.hkbchina.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_http_idPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_http_idPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "w.hkbchina.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.hkbchina.com/portal/zh_CN/home/index.html commandRes=汉口银行 logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.hkbchina.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_intercept_http_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*bler.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_intercept_http_idPriority_00001 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_intercept_http_idPriority_00002 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "bler.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.nymbler.com/ commandRes=nymbler logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.nymbler.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + diff --git a/case/policies/security/priority/security_mail_priority_tests.robot b/case/policies/security/priority/security_mail_priority_tests.robot new file mode 100644 index 0000000..ac38fe9 --- /dev/null +++ b/case/policies/security/priority/security_mail_priority_tests.robot @@ -0,0 +1,159 @@ +*** Settings *** +Test Setup LoginAndAddLocalIP +Test Teardown DeletePolicyAndObject ${policyIds} ${objectids} ${categoryIds} +Force Tags tsg_adc_wp adc_api security_policy +Library OperatingSystem +Resource ../../../../keyword/common/systemcommand.robot +# Resource ../../keyword/common/log_variable.robot +Resource ../../../../keyword/common/file_operation.robot +Resource ../../../../keyword/objects/object.robot +Resource ../../../../keyword/policys/policy.robot +Resource ../../../../keyword/common/login_logout_switch.robot +Library ../../../../customlib/verify_policy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${categoryIds} ${EMPTY} + +*** Test Cases *** + +security_policy_deny_mail_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=halashaogusina isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_mail_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_mail_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_mail_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=halashaogusina isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_mail_idPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_mail_idPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=root logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + + diff --git a/case/policies/security/priority/security_ssl_priority_tests.robot b/case/policies/security/priority/security_ssl_priority_tests.robot index f1d1638..faf65a4 100644 --- a/case/policies/security/priority/security_ssl_priority_tests.robot +++ b/case/policies/security/priority/security_ssl_priority_tests.robot @@ -159,7 +159,7 @@ security_policy_deny_ssl_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} -security_policy_deny_monitor_idPriority +security_policy_monitor_ssl_idPriority [Tags] fqdn完整匹配 update policy:ip geo geography Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=$telegram.org isHexbin=${0} @@ -230,7 +230,7 @@ security_policy_deny_monitor_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} -security_policy_deny_intercept_idPriority +security_policy_intercept_ssl_idPriority [Tags] fqdn完整匹配 update policy:ip geo geography Comment 创建fqdn ${addItemList1} Create Dictionary keywordArray=$tengrinews.kz isHexbin=${0} diff --git a/case/policies/security/ssl.robot b/case/policies/security/ssl.robot index e5038f3..3d1e60b 100644 --- a/case/policies/security/ssl.robot +++ b/case/policies/security/ssl.robot @@ -107,4 +107,46 @@ intercept-only-IpAndApplication [Tags] OnlySourceAndApp Famous sites ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-only-ipAndApplication-data.yaml ${TEST NAME} -
\ No newline at end of file +intercept-commonName-failAction + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-commonName-failAction-data.yaml ${TEST NAME} + +intercept-commonName + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-commonName-data.yaml ${TEST NAME} + +intercept-issue-failAction + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml ${TEST NAME} + +intercept-issue + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-issue-data.yaml ${TEST NAME} + +intercept-self-signed-failAction + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml ${TEST NAME} + +intercept-self-signed + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-self-signed-data.yaml ${TEST NAME} + +intercept-expiry-date-trusted + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml ${TEST NAME} + +intercept-expiry-date-untrusted + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-expiry-date-untrusted-data.yaml ${TEST NAME} + +intercept-ev-certificate + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-ev-certificate-data.yaml ${TEST NAME} + +intercept-certificate-transparency + [Tags] OnlySourceAndApp SslDecryptionProfile + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-certificate-transparency-data.yaml ${TEST NAME} + +intercept-decryption-exclusion + [Tags] OnlySourceAndApp SslDecryptionExclusion + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml ${TEST NAME}
\ No newline at end of file diff --git a/customlib/verify_policy.py b/customlib/verify_policy.py index 2be3711..38d1df6 100644 --- a/customlib/verify_policy.py +++ b/customlib/verify_policy.py @@ -15,7 +15,7 @@ def get_dict_allkeys(dict_a): for x in range(len(k)): temp_key = list(k.keys())[x] temp_value = k[temp_key] - if temp_key.endswith("objectId"): + if temp_key.endswith("Id"): key_list.append(temp_value) get_dict_allkeys(temp_value) # 自我调用实现无限遍历 return key_list diff --git a/other/data/proxy/http/proxy-http-deny-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml b/other/data/proxy/http/proxy-http-deny-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml index 6c8d86c..86569ea 100644 --- a/other/data/proxy/http/proxy-http-deny-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml +++ b/other/data/proxy/http/proxy-http-deny-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml @@ -25,7 +25,7 @@ "testMachine": - "hopeSuccessNumber": 1 - "command": 'curl --connect-timeout 5 -m 10 -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{\"requestbody\":\"reabodySubstring\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" https://open.node.com:1443/go | iconv -f utf-8 -t gbk' + "command": 'curl --connect-timeout 5 -m 10 -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{\"requestbody\":\"reabodySubstring\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" http://open.node.com:180/go | iconv -f utf-8 -t gbk' "commandRes": "Connection reset by peer" "logQueryParam": - diff --git a/other/data/proxy/http/proxy-http-deny-resheader-prefix-data.yaml b/other/data/proxy/http/proxy-http-deny-resheader-prefix-data.yaml index b167ffd..b0d0b5f 100644 --- a/other/data/proxy/http/proxy-http-deny-resheader-prefix-data.yaml +++ b/other/data/proxy/http/proxy-http-deny-resheader-prefix-data.yaml @@ -122,7 +122,7 @@ - "hopeSuccessNumber": 1 "command": "wget --debug -q -O- https://www.youtube.com/" - "commandRes": "Error 403" + "commandRes": "Error 451" "logQueryParam": - "queryFiledKey": "http_host" diff --git a/other/data/proxy/http/proxy-http-hijack-url-resheader-data.yaml b/other/data/proxy/http/proxy-http-hijack-url-resheader-data.yaml index ef228ef..81d6f37 100644 --- a/other/data/proxy/http/proxy-http-hijack-url-resheader-data.yaml +++ b/other/data/proxy/http/proxy-http-hijack-url-resheader-data.yaml @@ -100,7 +100,7 @@ "objectList": - "addItemList": - "keywordArray": - - "*utf-8" + - "utf-8" "district": "Content-Type" - "protocolField": "TSG_FIELD_HTTP_URL" diff --git a/other/data/proxy/http/proxy-http-monitor-fqdn-suffix-data.yaml b/other/data/proxy/http/proxy-http-monitor-fqdn-suffix-data.yaml index 2213e9a..51b364a 100644 --- a/other/data/proxy/http/proxy-http-monitor-fqdn-suffix-data.yaml +++ b/other/data/proxy/http/proxy-http-monitor-fqdn-suffix-data.yaml @@ -3,45 +3,6 @@ - "opAction": "add" "returnData": 1 - "policyName": "proxy-monitor-fqdn-suffix-001" - "policyType": "pxy_manipulation" - "isGre": 0 - "logType": "proxy_event" - "action": "monitor" - "userTags": "" - "doBlacklist": 0 - "doLog": 2 - "policyDesc": "autotest" - "effectiveRange": - "userRegion": - "protocol": "http" - "appIdObjects": - - "http" - "appSelectorObjects": - "isTestMachine": 1 - "testMachine": - - - "hopeSuccessNumber": 1 - "command": "wget --debug -q -O- https://newsela.com/" - "commandRes": "Error 403" - "logQueryParam": - - - "queryFiledKey": "http_host" - "queryValue": "newsela.com" - "isValid": 1 - "scheduleId": - "condation": - - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "$newsela.com" - - - "opAction": "add" - "returnData": 1 "policyName": "proxy-monitor-fqdn-suffix-002" "policyType": "pxy_manipulation" "isGre": 0 diff --git a/other/data/proxy/http/proxy-http-monitor-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml b/other/data/proxy/http/proxy-http-monitor-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml index e9bb26e..b273396 100644 --- a/other/data/proxy/http/proxy-http-monitor-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml +++ b/other/data/proxy/http/proxy-http-monitor-fqdn-url-reqheader-resheader-reqbody-resbody-data.yaml @@ -22,8 +22,8 @@ "testMachine": - "hopeSuccessNumber": 1 - "command": 'curl --connect-timeout 5 -m 10 -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{\"requestbody\":\"reabodySubstring\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" http://open.node.com:180/go | iconv -f utf-8 -t gbk' - "commandRes": "defaultCert" + "command": 'curl -kv --connect-timeout 5 -m 10 -H "Content-Type:application/json;charset=UTF-8" -X POST -d "{\"requestbody\":\"reabodySubstring\",\"setcook\":\"asdf\",\"contenttype\": \"charset\",\"responsebody\": \"resbody\"}" -kv --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" http://open.node.com:180/go | iconv -f utf-8 -t gbk' + "commandRes": "POST" "logQueryParam": - "queryFiledKey": "http_host" diff --git a/other/data/proxy/http/proxy-http-monitor-resheader-prefix-data.yaml b/other/data/proxy/http/proxy-http-monitor-resheader-prefix-data.yaml index dbaf231..6045f59 100644 --- a/other/data/proxy/http/proxy-http-monitor-resheader-prefix-data.yaml +++ b/other/data/proxy/http/proxy-http-monitor-resheader-prefix-data.yaml @@ -78,5 +78,5 @@ "objectList": - "addItemList": - "keywordArray": - - "YSC=2VAZlq*" + - "YSC=*" "district": "Set-Cookie"
\ No newline at end of file diff --git a/other/data/proxy/http/proxy-http-replace-url-resheader-data.yaml b/other/data/proxy/http/proxy-http-replace-url-resheader-data.yaml index 633bf58..2231439 100644 --- a/other/data/proxy/http/proxy-http-replace-url-resheader-data.yaml +++ b/other/data/proxy/http/proxy-http-replace-url-resheader-data.yaml @@ -45,7 +45,7 @@ "objectList": - "addItemList": - "keywordArray": - - "*utf-8" + - "text/html" "district": "Content-Type" - "protocolField": "TSG_FIELD_HTTP_URL" diff --git a/other/data/security/dns/security-dns-deny-fqdn-exactly-data.yaml b/other/data/security/dns/security-dns-deny-fqdn-exactly-data.yaml index d04be9d..2c8d175 100644 --- a/other/data/security/dns/security-dns-deny-fqdn-exactly-data.yaml +++ b/other/data/security/dns/security-dns-deny-fqdn-exactly-data.yaml @@ -39,14 +39,6 @@ "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com -timeout=1" - "commandRes": "connection timed out" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.google.com" - - - "hopeSuccessNumber": 1 "command": "nslookup telegram.org -timeout=1" "commandRes": "connection timed out" "logQueryParam": @@ -55,14 +47,6 @@ "queryValue": "telegram.org" - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com -timeout=1" - "commandRes": "connection timed out" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.bilibili.com" - - - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz -timeout=1" "commandRes": "connection timed out" "logQueryParam": @@ -83,12 +67,8 @@ - "keywordArray": - "$www.facebook.com" - "keywordArray": - - "$www.google.com.hk" - - "keywordArray": - "$telegram.org" - "keywordArray": - - "$www.bilibili.com" - - "keywordArray": - "$tengrinews.kz" - "opAction": "add" @@ -129,14 +109,6 @@ "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com -timeout=1" - "commandRes": "connection timed out" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.google.com" - - - "hopeSuccessNumber": 1 "command": "nslookup telegram.org -timeout=1" "commandRes": "connection timed out" "logQueryParam": @@ -145,14 +117,6 @@ "queryValue": "telegram.org" - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com -timeout=1" - "commandRes": "connection timed out" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.bilibili.com" - - - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz -timeout=1" "commandRes": "connection timed out" "logQueryParam": @@ -173,12 +137,8 @@ - "keywordArray": - "$www.facebook.com" - "keywordArray": - - "$www.google.com.hk" - - "keywordArray": - "$telegram.org" - "keywordArray": - - "$www.bilibili.com" - - "keywordArray": - "$tengrinews.kz" - "opAction": "add" @@ -300,14 +260,6 @@ "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com -timeout=1" - "commandRes": "2.2.2.2" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.google.com" - - - "hopeSuccessNumber": 1 "command": "nslookup telegram.org -timeout=1" "commandRes": "2.2.2.2" "logQueryParam": @@ -316,14 +268,6 @@ "queryValue": "telegram.org" - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com -timeout=1" - "commandRes": "2.2.2.2" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.bilibili.com" - - - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz -timeout=1" "commandRes": "2.2.2.2" "logQueryParam": @@ -344,11 +288,7 @@ - "keywordArray": - "$www.facebook.com" - "keywordArray": - - "$www.google.com.hk" - - "keywordArray": - "$telegram.org" - "keywordArray": - - "$www.bilibili.com" - - "keywordArray": - "$tengrinews.kz"
\ No newline at end of file diff --git a/other/data/security/dns/security-dns-deny-fqdn-suffix-data.yaml b/other/data/security/dns/security-dns-deny-fqdn-suffix-data.yaml index d9edb54..a209e1d 100644 --- a/other/data/security/dns/security-dns-deny-fqdn-suffix-data.yaml +++ b/other/data/security/dns/security-dns-deny-fqdn-suffix-data.yaml @@ -129,14 +129,6 @@ "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com -timeout=1" - "commandRes": "connection timed out" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.google.com" - - - "hopeSuccessNumber": 1 "command": "nslookup telegram.org -timeout=1" "commandRes": "connection timed out" "logQueryParam": @@ -145,14 +137,6 @@ "queryValue": "telegram.org" - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com -timeout=1" - "commandRes": "connection timed out" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.bilibili.com" - - - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz -timeout=1" "commandRes": "connection timed out" "logQueryParam": @@ -173,12 +157,8 @@ - "keywordArray": - "*w.facebook.com" - "keywordArray": - - "*w.google.com.hk" - - "keywordArray": - "*gram.org" - "keywordArray": - - "*libili.com" - - "keywordArray": - "*inews.kz" - "opAction": "add" @@ -300,14 +280,6 @@ "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com -timeout=1" - "commandRes": "2.2.2.2" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.google.com" - - - "hopeSuccessNumber": 1 "command": "nslookup telegram.org -timeout=1" "commandRes": "2.2.2.2" "logQueryParam": @@ -316,14 +288,6 @@ "queryValue": "telegram.org" - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com -timeout=1" - "commandRes": "2.2.2.2" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.bilibili.com" - - - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz -timeout=1" "commandRes": "2.2.2.2" "logQueryParam": @@ -344,10 +308,6 @@ - "keywordArray": - "*w.facebook.com" - "keywordArray": - - "*w.google.com.hk" - - "keywordArray": - "*gram.org" - "keywordArray": - - "*libili.com" - - "keywordArray": - "*inews.kz" diff --git a/other/data/security/dns/security-dns-monitor-fqdn-exactly-data.yaml b/other/data/security/dns/security-dns-monitor-fqdn-exactly-data.yaml index be56bf0..926d194 100644 --- a/other/data/security/dns/security-dns-monitor-fqdn-exactly-data.yaml +++ b/other/data/security/dns/security-dns-monitor-fqdn-exactly-data.yaml @@ -28,40 +28,24 @@ "commandRes": "youtube-ui.l.google.com" "logQueryParam": - - "queryFiledKey": "common_server_ip" - "queryValue": "8.8.8.8" + "queryFiledKey": "dns_qname" + "queryValue": "www.youtube.com" - "hopeSuccessNumber": 1 "command": "nslookup www.facebook.com" "commandRes": "www.facebook.com" "logQueryParam": - - "queryFiledKey": "common_server_ip" - "queryValue": "8.8.8.8" - - - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com" - "commandRes": "www.google.com" - "logQueryParam": - - - "queryFiledKey": "common_server_ip" - "queryValue": "8.8.8.8" + "queryFiledKey": "dns_qname" + "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 "command": "nslookup telegram.org" "commandRes": "telegram.org" "logQueryParam": - - "queryFiledKey": "common_server_ip" - "queryValue": "8.8.8.8" - - - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com" - "commandRes": "i.w.bilicdn1.com" - "logQueryParam": - - - "queryFiledKey": "common_server_ip" - "queryValue": "8.8.8.8" + "queryFiledKey": "dns_qname" + "queryValue": "telegram.org" - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz" @@ -82,12 +66,8 @@ - "keywordArray": - "$www.facebook.com" - "keywordArray": - - "$www.google.com.hk" - - "keywordArray": - "$telegram.org" - "keywordArray": - - "$www.bilibili.com" - - "keywordArray": - "$tengrinews.kz" - "keywordArray": - "$www.youtube.com" diff --git a/other/data/security/dns/security-dns-monitor-fqdn-suffix-data.yaml b/other/data/security/dns/security-dns-monitor-fqdn-suffix-data.yaml index 0a216dd..89da469 100644 --- a/other/data/security/dns/security-dns-monitor-fqdn-suffix-data.yaml +++ b/other/data/security/dns/security-dns-monitor-fqdn-suffix-data.yaml @@ -40,14 +40,6 @@ "queryValue": "www.facebook.com" - "hopeSuccessNumber": 1 - "command": "nslookup www.google.com" - "commandRes": "www.google.com" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.google.com" - - - "hopeSuccessNumber": 1 "command": "nslookup telegram.org" "commandRes": "telegram.org" "logQueryParam": @@ -56,14 +48,6 @@ "queryValue": "telegram.org" - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com" - "commandRes": "i.w.bilicdn1.com" - "logQueryParam": - - - "queryFiledKey": "dns_qname" - "queryValue": "www.bilibili.com" - - - "hopeSuccessNumber": 1 "command": "nslookup tengrinews.kz" "commandRes": "tengrinews.kz" "logQueryParam": @@ -82,13 +66,11 @@ - "keywordArray": - "*cebook.com" - "keywordArray": - - "*ogle.com.hk" - - "keywordArray": - "*legram.org" - "keywordArray": - - "*ilibili.com" + - "*ngrinews.kz" - "keywordArray": - - "*ngrinews.kz" + - "$www.youtube.com" - "opAction": "update" "isEdit": 1 diff --git a/other/data/security/dns/security-dns-monitor-only-ipAndApplication-data.yaml b/other/data/security/dns/security-dns-monitor-only-ipAndApplication-data.yaml index fa61384..d8cd2a7 100644 --- a/other/data/security/dns/security-dns-monitor-only-ipAndApplication-data.yaml +++ b/other/data/security/dns/security-dns-monitor-only-ipAndApplication-data.yaml @@ -24,52 +24,12 @@ "testMachine": - "hopeSuccessNumber": 1 - "command": "nslookup www.youtube.com" - "commandRes": "youtube-ui.l.google.com" - "logQueryParam": - - - "queryFiledKey": "common_schema_type" - "queryValue": "DNS" - - - "hopeSuccessNumber": 1 - "command": "nslookup www.facebook.com" - "commandRes": "www.facebook.com" - "logQueryParam": - - - "queryFiledKey": "common_schema_type" - "queryValue": "DNS" - - - "hopeSuccessNumber": 1 "command": "nslookup www.google.com" "commandRes": "www.google.com" "logQueryParam": - "queryFiledKey": "common_schema_type" "queryValue": "DNS" - - - "hopeSuccessNumber": 1 - "command": "nslookup telegram.org" - "commandRes": "telegram.org" - "logQueryParam": - - - "queryFiledKey": "common_schema_type" - "queryValue": "DNS" - - - "hopeSuccessNumber": 1 - "command": "nslookup www.bilibili.com" - "commandRes": "i.w.bilicdn1.com" - "logQueryParam": - - - "queryFiledKey": "common_schema_type" - "queryValue": "DNS" - - - "hopeSuccessNumber": 1 - "command": "nslookup tengrinews.kz" - "commandRes": "tengrinews.kz" - "logQueryParam": - - - "queryFiledKey": "common_schema_type" - "queryValue": "DNS" "isValid": 1 "scheduleId": "condation": diff --git a/other/data/security/ftp/security-ftp-deny-account-exactly-data.yaml b/other/data/security/ftp/security-ftp-deny-account-exactly-data.yaml index 6d48fab..266c18c 100644 --- a/other/data/security/ftp/security-ftp-deny-account-exactly-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-account-exactly-data.yaml @@ -106,7 +106,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english.txt" - "hopeResult": "autotest" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - @@ -146,7 +146,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english.txt" - "hopeResult": "Connection reset by peer" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - diff --git a/other/data/security/ftp/security-ftp-deny-account-prefix-data.yaml b/other/data/security/ftp/security-ftp-deny-account-prefix-data.yaml index bfc31c8..689f46e 100644 --- a/other/data/security/ftp/security-ftp-deny-account-prefix-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-account-prefix-data.yaml @@ -106,7 +106,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english.txt" - "hopeResult": "autotest" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - @@ -146,7 +146,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english.txt" - "hopeResult": "Connection reset by peer" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - diff --git a/other/data/security/ftp/security-ftp-deny-account-substring-data.yaml b/other/data/security/ftp/security-ftp-deny-account-substring-data.yaml index 31e89b7..ac4b80a 100644 --- a/other/data/security/ftp/security-ftp-deny-account-substring-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-account-substring-data.yaml @@ -65,7 +65,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english_big.txt" - "hopeResult": "ftp_fail" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - @@ -146,7 +146,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english.txt" - "hopeResult": "Connection reset by peer" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - diff --git a/other/data/security/ftp/security-ftp-deny-account-suffix-data.yaml b/other/data/security/ftp/security-ftp-deny-account-suffix-data.yaml index 1fff3e9..f70a3dd 100644 --- a/other/data/security/ftp/security-ftp-deny-account-suffix-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-account-suffix-data.yaml @@ -65,7 +65,7 @@ "testMachine": - "ftpUrl": "/autoFtp/english_big.txt" - "hopeResult": "ftp_fail" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - diff --git a/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml b/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml index 22c842a..e606cec 100644 --- a/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml +++ b/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml @@ -33,12 +33,11 @@ "isValid": 1 "scheduleId": "condation": - - - "protocolField": "TSG_SECURITY_SOURCE_ADDR" - "objectType": "ip" - "objectSubType": "endpoint" + - + "protocolField": "TSG_FIELD_FTP_URI" + "objectType": "url" + "objectSubType": "" "objectList": - "addItemList": - - - "ip": "1.1.1.1" - "port": "0-65535" + - "keywordArray": + - "$ftp://192.168.90.158/autoFtp/english.txt" diff --git a/other/data/security/http/security-http-deny-reqheader-prefix-data.yaml b/other/data/security/http/security-http-deny-reqheader-prefix-data.yaml index 81adf4c..a3a9afd 100644 --- a/other/data/security/http/security-http-deny-reqheader-prefix-data.yaml +++ b/other/data/security/http/security-http-deny-reqheader-prefix-data.yaml @@ -71,8 +71,8 @@ "commandRes": "403 Forbidden" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": @@ -114,8 +114,8 @@ "commandRes": "404 Not Found" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": @@ -154,11 +154,11 @@ - "hopeSuccessNumber": 1 "command": 'wget --debug -q -O- --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" http://www.ichong123.com/' - "commandRes": "This is alert result" + "commandRes": "This is alert 200 result" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": @@ -201,8 +201,8 @@ "commandRes": "204 - Not Content" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": @@ -243,8 +243,8 @@ "commandRes": "timed out" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": @@ -283,11 +283,11 @@ - "hopeSuccessNumber": 1 "command": 'wget --debug -q -O- --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36" http://www.ichong123.com/' - "commandRes": "Swimming" + "commandRes": "timed out" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": @@ -327,8 +327,8 @@ "commandRes": "Connection reset by peer" "logQueryParam": - - "queryFiledKey": "http_host" - "queryValue": "www.ichong123.com" + "queryFiledKey": "common_schema_type" + "queryValue": "HTTP" "isValid": 1 "scheduleId": "condation": diff --git a/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml b/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml index c8c874b..a7ad8e4 100644 --- a/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml +++ b/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml @@ -1,9 +1,9 @@ #注意keywordArray下的关键字必须为数组形式 -"deny-url-reqbody_data": +"deny-url-reqbody-substring_data": - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-001" + "policyName": "security-http-deny-url-reqbody-substring-001" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -59,7 +59,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-002" + "policyName": "security-http-deny-url-reqbody-substring-002" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -116,7 +116,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-003" + "policyName": "security-http-deny-url-reqbody-substring-003" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -138,7 +138,7 @@ - "hopeSuccessNumber": 1 "command": "wget -q -O- http://bourabai.ru/desktop.html" - "commandRes": "好优工具" + "commandRes": "timed out" "logQueryParam": - "queryFiledKey": "http_host" diff --git a/other/data/security/mail/security-mail-deny-from-exactly-data.yaml b/other/data/security/mail/security-mail-deny-from-exactly-data.yaml index b8d1510..3eb1bc1 100644 --- a/other/data/security/mail/security-mail-deny-from-exactly-data.yaml +++ b/other/data/security/mail/security-mail-deny-from-exactly-data.yaml @@ -166,7 +166,7 @@ "mailPassword": "default" "mailMessagePath" : "/mailTestFile/mailMessage/subjectEnglish.txt" "mailAttachPath" : "/mailTestFile/mailAttach/mail_test_english.txt" - "hopeResult": "timeout" + "hopeResult": "timed out" "hopeSuccessNumber": 1 "logQueryParam": - diff --git a/other/data/security/mail/security-mail-deny-to-exactly-data.yaml b/other/data/security/mail/security-mail-deny-to-exactly-data.yaml index 01af30a..55b9cb2 100644 --- a/other/data/security/mail/security-mail-deny-to-exactly-data.yaml +++ b/other/data/security/mail/security-mail-deny-to-exactly-data.yaml @@ -121,7 +121,7 @@ "mailPassword": "default" "mailMessagePath" : "/mailTestFile/mailMessage/subjectEnglish.txt" "mailAttachPath" : "/mailTestFile/mailAttach/mail_test_english.txt" - "hopeResult": "timeout" + "hopeResult": "root" "hopeSuccessNumber": 1 "logQueryParam": - diff --git a/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml b/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml index d497388..41a7776 100644 --- a/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml +++ b/other/data/security/ssl/security-ssl-deny-fqdn-suffix-famousSites-data.yaml @@ -25,8 +25,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.youtube.com" "logQueryParam": - "queryFiledKey": "ssl_sni" @@ -35,8 +33,6 @@ "hopeSuccessNumber": 1 "command": "curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.facebook.com/" "commandRes": "Connection reset by peer" - "schemaType": "ssl_sni" - "schemaVerify": "www.facebook.com" "logQueryParam": - "queryFiledKey": "ssl_sni" diff --git a/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml b/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml index f2ac96a..fe17448 100644 --- a/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-expiry-date-trusted-data.yaml @@ -30,7 +30,7 @@ - "hopeSuccessNumber": 1 "command": "curl -kv https://wrong.host.badssl.com/" - "commandRes": "Connection reset by peer" + "commandRes": "left intact" "logQueryParam": - "queryFiledKey": "ssl_sni" diff --git a/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml b/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml index b7f3678..2473bd8 100644 --- a/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-issue-failAction-data.yaml @@ -30,7 +30,7 @@ - "hopeSuccessNumber": 1 "command": "curl -kv https://wrong.host.badssl.com/" - "commandRes": "Connection reset by peer" + "commandRes": "left intact" "logQueryParam": - "queryFiledKey": "ssl_sni" diff --git a/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml b/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml index 07176cb..3976225 100644 --- a/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml +++ b/other/data/security/ssl/security-ssl-intercept-self-signed-failAction-data.yaml @@ -30,7 +30,7 @@ - "hopeSuccessNumber": 1 "command": "curl -kv https://wrong.host.badssl.com/" - "commandRes": "Connection reset by peer" + "commandRes": "left intact" "logQueryParam": - "queryFiledKey": "ssl_sni" diff --git a/other/data/template/template.yaml b/other/data/template/template.yaml index a24416b..f7d87dd 100644 --- a/other/data/template/template.yaml +++ b/other/data/template/template.yaml @@ -211,7 +211,20 @@ "max": "tls13" "mirror_client": 0 "allow_http2": 0 -
-
+############decryption exclusion 模板################
+"ssl_decryption_exclusion_template":
+ "opAction": "add" + "itemType": "fqdn" + "objectId": 1 + "itemList": + "itemId": "" + "keywordArray": + - + "isHexbin": 0 + "isValid": 1 + "isInitialize": "" + "itemName": "" + "itemDesc": "test" + "returnData": 1 |