| author | hebingning <[email protected]> | 2022-05-23 09:10:44 +0800 |
|---|---|---|
| committer | hebingning <[email protected]> | 2022-05-23 09:10:44 +0800 |
| commit | 65853bd4637a0ee165a07f5b3dbd3e5b4b5b84de (patch) | |
| tree | 8092554c909e8b334ce5e5ea752f12f3ad84ee4b | |
| parent | 51e47051c7631b95539835c1e3865ad9d560f25b (diff) | |
安全优先级用例提交
| -rw-r--r-- | case/policies/security/priority/security_dns_priority_tests.robot | 271 | ||||
| -rw-r--r-- | case/policies/security/priority/security_ftp_priority_tests.robot | 262 | ||||
| -rw-r--r-- | case/policies/security/priority/security_http_priority_tests.robot | 413 | ||||
| -rw-r--r-- | case/policies/security/priority/security_mail_priority_tests.robot | 262 | ||||
| -rw-r--r-- | case/policies/security/priority/security_ssl_priority_tests.robot | 413 | ||||
| -rw-r--r-- | other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml | 2 | ||||
| -rw-r--r-- | other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml | 8 | ||||
| -rw-r--r-- | other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml | 8 | ||||
| -rw-r--r-- | other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml | 9 | ||||
| -rw-r--r-- | other/data/security/http/security-http-deny-url-resbody-substring-data.yaml (renamed from other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml) | 34 | ||||
| -rw-r--r-- | other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml | 46 |
11 files changed, 1685 insertions, 43 deletions
diff --git a/case/policies/security/priority/security_dns_priority_tests.robot b/case/policies/security/priority/security_dns_priority_tests.robot
index ec67669..fcbdb9f 100644
--- a/case/policies/security/priority/security_dns_priority_tests.robot
+++ b/case/policies/security/priority/security_dns_priority_tests.robot
@@ -160,4 +160,275 @@ security_policy_monitor_dns_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_dns_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"DNS"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "ngrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + 
log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup tengrinews.kz commandRes=tengrinews.kz logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_dns_actionPriority_002 + Comment 
创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 
打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup www.youtube.com -timeout=1 commandRes=connection timed out logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_dns_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.youtube.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary 
objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_dns_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny doLog=1 userRegion={"protocol":"DNS","method":"drop"} isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId1} + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_dns_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny doLog=1 userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} 
Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup www.youtube.com -timeout=1 commandRes=connection timed out logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_dns_conditionPriority + [Tags] fqdn完整匹配 update 
policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*ngrinews.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_dns_idPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} doLog=1 isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_dns_idPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} doLog=1 filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "ngrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination 
attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... 
ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup tengrinews.kz commandRes=tengrinews.kz logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_ftp_priority_tests.robot b/case/policies/security/priority/security_ftp_priority_tests.robot index 21dfeb3..02fee2d 100644 --- a/case/policies/security/priority/security_ftp_priority_tests.robot +++ b/case/policies/security/priority/security_ftp_priority_tests.robot 
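Review bot: In security_policy_dns_actionPriority_001 and _002 both policies are created with `isValid=${0}`, while the two conditionPriority cases in this same hunk use `isValid=${1}`; if 0 means disabled (inferred from the field name, the keyword itself is outside the hunk), the deny/allow and monitor/deny precedence these cases are named for is never evaluated, so I would set `isValid=${1}` on all four policies. The same two cases read `${objectId}` in `${objectid_verify}    Set Variable    ${objectId}` without calling AddObjects, so the check either fails on an undefined variable or picks up an id left over from suite scope; `${objectid_verify}    Set Variable    ${policyId2}` would verify only what the case created. The FTP actionPriority cases and security_policy_http_actionPriority_001 in the later hunks repeat both patterns. Separately, `${policyIds}` is assigned only on the last line of each case, so a failure at `Should Be Equal As Strings` can leave an active DNS drop policy behind unless the teardown (not visible here) finds it another way; assigning it right after the second AddPolicies call would avoid that.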
@@ -155,4 +155,266 @@ security_policy_monitor_ftp_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_ftp_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"FTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log 
${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=autotest logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_ftp_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_002-1 policyType=tsg_security policyDesc=autotest 
action=monitor userRegion={"protocol":"FTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 
提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_ftp_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=ftpu* isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_ftp_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=deny 
userRegion={"protocol":"FTP","method":"reset"} doLog=1 isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_ftp_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate 
SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_ftp_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=ftpuser isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary 
policyName=security_policy_monitor_ftp_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} doLog=1 isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ftp_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies 
${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=autotest logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_http_priority_tests.robot b/case/policies/security/priority/security_http_priority_tests.robot index aeb5ee8..dacf1b5 100644 --- a/case/policies/security/priority/security_http_priority_tests.robot +++ b/case/policies/security/priority/security_http_priority_tests.robot 
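Review bot: The policies in security_policy_ftp_actionPriority_001 and _002 are bound with `appIdObjects=${DNS_ID}` although their userRegion says `"protocol":"FTP"` and the conditionPriority cases further down use `${FTP_ID}`; this looks like a copy-paste from the DNS suite and should read `appIdObjects=${FTP_ID}`. With the DNS application id the FTP session may match neither policy, and the expected result in _001 (`hopeResult=autotest`, a successful download) is also what an unpoliced session would produce, so the allow-over-deny check can pass without exercising precedence at all. security_policy_http_actionPriority_001 in the next hunk has the same `${DNS_ID}` binding on an HTTP policy. The `[Tags]    fqdn完整匹配 ...` line on the two account-based cases also appears to be carried over from the FQDN tests and would mislabel them in tag-filtered runs.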
@@ -301,3 +301,416 @@ security_policy_intercept_http_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_http_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "bler.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} 
${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.nymbler.com/ commandRes=nymbler logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.nymbler.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + 
+security_policy_http_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "scoutbahamas.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log 
${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://scoutbahamas.org/ commandRes=ScoutBahamas logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=scoutbahamas.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_allow_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$scoutbahamas.org isHexbin=${0} + ${addItemLists} 
Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_allow_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_allow_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "scoutbahamas.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} 
${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://scoutbahamas.org/ commandRes=ScoutBahamas logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=scoutbahamas.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + 
+security_policy_deny_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$by.841k.cn isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "by.841k.cn"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip 
attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... 
ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 http://by.841k.cn/home/user/index.html commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=by.841k.cn + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*w.hkbchina.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + 
${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "w.hkbchina.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate 
type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.hkbchina.com/portal/zh_CN/home/index.html commandRes=汉口银行 logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.hkbchina.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_intercept_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*bler.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_intercept_http_conditionPriority_00001 policyType=tsg_security 
policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_intercept_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "bler.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + 
${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.nymbler.com/ commandRes=nymbler logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.nymbler.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_mail_priority_tests.robot b/case/policies/security/priority/security_mail_priority_tests.robot index ac38fe9..ac9b654 100644 --- a/case/policies/security/priority/security_mail_priority_tests.robot +++ b/case/policies/security/priority/security_mail_priority_tests.robot 
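Review bot: In `security_policy_http_actionPriority_002` the expected outcome contradicts the policy under test: the case expects `${policyId2}` (the deny/reset policy) to win in `VerifyPolicies` and in the log lookup, yet the effect step still runs `wget -q -O- http://scoutbahamas.org/` with `commandRes=ScoutBahamas`, so it appears to pass only when the page is delivered. If deny is meant to take precedence, the step should assert the block the way `security_policy_deny_http_conditionPriority` does, e.g. `command=curl --connect-timeout 10 -m 10 http://scoutbahamas.org/ commandRes=Connection reset by peer`. Both HTTP actionPriority cases also create their policies with `isValid=${0}` and `appIdObjects=${DNS_ID}`, while the conditionPriority cases in this hunk use `isValid=${1}` and `${HTTP_ID}`; this looks copied from the DNS suite and presumably leaves the policies disabled or bound to the wrong application, so I would use `isValid=${1} appIdObjects=${HTTP_ID}` (the same pair appears in `security_policy_mail_actionPriority_001` in the next hunk). These two cases also read `${objectId}` in `Set Variable ${objectId}` without an `AddObjects` call of their own, so the value is either undefined or left over from another case.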
@@ -155,5 +155,267 @@ security_policy_monitor_mail_idPriority #删除策略 ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} + +security_policy_mail_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"MAIL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} 
${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=root logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List 
${policyIdTemp} + +security_policy_mail_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security 
verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_mail_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary 
keywordArray=halashaogusina isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_mail_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} doLog=1 isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_mail_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} 
+ # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable 
{"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_mail_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=halashaogusina isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_mail_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} doLog=1 isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_mail_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source 
attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... 
ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=root logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_ssl_priority_tests.robot b/case/policies/security/priority/security_ssl_priority_tests.robot index faf65a4..84f4b45 100644 --- a/case/policies/security/priority/security_ssl_priority_tests.robot +++ b/case/policies/security/priority/security_ssl_priority_tests.robot 
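Review bot: In security_policy_mail_actionPriority_001 and _002, all four policy `Create Dictionary` lines use `isValid=${0} appIdObjects=${DNS_ID}`, while the conditionPriority cases later in this hunk use `isValid=${1} appIdObjects=${MAIL_ID}`. If `isValid=${0}` leaves a policy disabled and `${DNS_ID}` scopes it to DNS (both inferred, not shown here), these cases may never put deny and allow/monitor in competition on mail traffic, so a deny-versus-allow precedence regression could go unnoticed; I would change the four lines to `isValid=${1} appIdObjects=${MAIL_ID}`. Both cases also read `${objectId}` in `${objectid_verify} Set Variable ${objectId}` and under `#删除对象` although neither calls `AddObjects`, so the value is either undefined or comes from outside the test; building the verify string from `${policyId2}` alone would avoid that. The same `isValid=${0}` / `${DNS_ID}` pattern is visible in security_policy_ssl_actionPriority_001 and _002 in the SSL hunk that follows.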
@@ -301,3 +301,416 @@ security_policy_intercept_ssl_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_ssl_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"SSL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "homebank.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log 
${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://homebank.kz commandRes=Переводы logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=homebank.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_ssl_actionPriority_002 + Comment 
创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"SSL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + 
${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/ commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_allow_ssl_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$homebank.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} 
Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_allow_ssl_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"SSL"} doLog=1 isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_allow_ssl_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"SSL"} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "homebank.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary 
attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://homebank.kz commandRes=Переводы logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=homebank.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_ssl_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 
创建fqdn + ${addItemList1} Create Dictionary keywordArray=*youtube.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_ssl_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} doLog=1 isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_ssl_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination 
attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... 
ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/ commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_ssl_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$telegram.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ssl_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"SSL"} doLog=1 isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + 
${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ssl_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"SSL"} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "telegram.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + 
${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl -kv --tlsv1.2 https://telegram.org/ commandRes=Telegram Messenger logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=telegram.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_intercept_ssl_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$tengrinews.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_intercept_ssl_idPriority_00001 policyType=tsg_security policyDesc=autotest action=intercept 
userRegion={"protocol":"SSL","keyring":1,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_intercept_ssl_idPriority_00002 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "tengrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + 
log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl -kv --tlsv1.2 https://tengrinews.kz/ commandRes=TSG CA logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml b/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml index 21ece86..38ccc09 100644 
--- a/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml +++ b/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml @@ -70,7 +70,7 @@ "contained_keyword": "test" "target_element": "target_distance_from_matching": 0 - "element_treatment": "remove" + "element_treatment": "mark" "userTags": "" "doBlacklist": 0 "doLog": 2 diff --git a/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml index 9a7d2c2..c104a0e 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml @@ -3,7 +3,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0001" + "policyName": "security-ftp-deny-uri-prefix-0001" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -44,7 +44,7 @@ - "opAction": "update" "returnData": 1 - "policyName": "security-mail-deny-only-IpAndApplication-0001-1" + "policyName": "security-mail-deny-uri-prefix-0001-1" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -86,7 +86,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0002" + "policyName": "security-ftp-deny-uri-prefix-0002" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -127,7 +127,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0003" + "policyName": "security-ftp-deny-uri-prefix-0003" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 diff --git a/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml index 98e8c05..000e52e 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml 
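Review bot: The `update` entry in the `@@ -44,7 +44,7 @@` hunk of security-ftp-deny-uri-prefix-data.yaml is renamed to `security-mail-deny-uri-prefix-0001-1`, so it still carries the `mail` prefix inside an FTP data file while its sibling `add` entries use `security-ftp-…`. The same leftover appears in the substring file (`security-mail-deny-uri-substring-0001-1`) and the suffix file (`security-mail-deny-uri-suffix-0001-1`). If the policy name is what shows up in `security_event` records, a deny hit from this case would read as a mail policy during triage. I would change the three lines to the `ftp` form, for example `"policyName": "security-ftp-deny-uri-prefix-0001-1"`. The entries continue outside the hunks, so whether anything else matches on the old name cannot be checked from here.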
@@ -3,7 +3,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0001" + "policyName": "security-ftp-deny-uri-substring-0001" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -43,7 +43,7 @@ - "opAction": "update" "returnData": 1 - "policyName": "security-mail-deny-only-IpAndApplication-0001-1" + "policyName": "security-mail-deny-uri-substring-0001-1" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -85,7 +85,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0002" + "policyName": "security-ftp-deny-uri-substring-0002" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -126,7 +126,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0003" + "policyName": "security-ftp-deny-uri-substring-0003" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 diff --git a/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml index 3a563f6..8f1c9e9 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml @@ -3,7 +3,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0001" + "policyName": "security-ftp-deny-uri-suffix-0001" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -40,11 +40,10 @@ - "addItemList": - "keywordArray": - "*english.txt" - - "opAction": "update" "returnData": 1 - "policyName": "security-mail-deny-only-IpAndApplication-0001-1" + "policyName": "security-mail-deny-uri-suffix-0001-1" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 
@@ -86,7 +85,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0002" + "policyName": "security-ftp-deny-uri-suffix-0002" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -127,7 +126,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0003" + "policyName": "security-ftp-deny-uri-suffix-0003" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 diff --git a/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml b/other/data/security/http/security-http-deny-url-resbody-substring-data.yaml index a7ad8e4..311a66e 100644 --- a/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml +++ b/other/data/security/http/security-http-deny-url-resbody-substring-data.yaml @@ -1,9 +1,9 @@ #注意keywordArray下的关键字必须为数组形式 -"deny-url-reqbody-substring_data": +"deny-url-resbody-substring_data": - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-substring-001" + "policyName": "security-http-deny-url-resbody-substring-001" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -24,7 +24,7 @@ - "hopeSuccessNumber": 1 "command": 'curl --connect-timeout 5 -m 10 http://tool.haooyou.com/code?group=convert&type=strToHex&charset=UTF-8 | iconv -f utf-8 -t gbk' - "commandRes": "Connection reset by peer" + "commandRes": "timed out" "logQueryParam": - "queryFiledKey": "http_host" @@ -33,14 +33,6 @@ "scheduleId": "condation": - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "*aooyou.com" - - "protocolField": "TSG_FIELD_HTTP_URL" "objectType": "url" "objectSubType": "" 
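Review bot: In the `@@ -24,7 +24,7 @@` hunk of the resbody-substring file, the new expectation `"commandRes": "timed out"` cannot tell an enforced deny from an origin that is merely slow or unreachable. The command is `curl --connect-timeout 5 -m 10` against an external host, and curl reports a timeout in both situations. The old string `Connection reset by peer` was at least specific to an active teardown. If the harness does not already require the `http_host` log query to return a record for this policy id, the case can pass with the policy not applied at all; that requirement deserves a comment next to the line, such as `# timeout alone is not evidence of the deny; the security_event log for this policy must match`. The `@@ -33,14 +33,6 @@`, `@@ -90,14 +82,6 @@` and `@@ -147,14 +131,6 @@` hunks also drop the `TSG_FIELD_HTTP_HOST` condition, so matching now rests on the URL object alone, whose keywords lie outside the hunks. It is worth confirming that they are narrow enough not to deny unrelated lab traffic.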
@@ -59,7 +51,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-substring-002" + "policyName": "security-http-deny-url-resbody-substring-002" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -90,14 +82,6 @@ "scheduleId": "condation": - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "*aooyou.com" - - "protocolField": "TSG_FIELD_HTTP_URL" "objectType": "url" "objectSubType": "" @@ -116,7 +100,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-substring-003" + "policyName": "security-http-deny-url-resbody-substring-003" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -147,14 +131,6 @@ "scheduleId": "condation": - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "*aooyou.com" - - "protocolField": "TSG_FIELD_HTTP_URL" "objectType": "url" "objectSubType": "" diff --git a/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml b/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml new file mode 100644 index 0000000..ed2ae78 --- /dev/null +++ b/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml 
@@ -0,0 +1,46 @@ +#注意keywordArray下的关键字必须为数组形式 +"intercept-decryption-exclusion_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ssl-intercept-decryption-exclusion-0001" + "policyType": "tsg_security" + "logType": "security_event" + "isGre": 0 + "action": "intercept" + "keyring": 1 + "decryption": 1 + "exclusionFqdn": "$www.example.com" + "traffic_mirror": + "enable": 0 + "mirror_profile": + "userTags": "" + "doBlacklist": 0 + "doLog": 1 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "wget --debug -q -O- https://wrong.host.badssl.com/" + "commandRes": "defaultCert" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "wrong.host.badssl.com" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "*ost.badssl.com" |
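Review bot: The new decryption-exclusion case sets `"exclusionFqdn": "$www.example.com"`, but its only `testMachine` command goes to `https://wrong.host.badssl.com/` and expects `defaultCert`, so nothing in this file sends traffic to the excluded name. As written it appears to check only that a host matched by `*ost.badssl.com` is intercepted. It does not check that the excluded FQDN is left undecrypted, which is the property an exclusion list exists to guarantee. I would add a second `testMachine` entry that requests the `exclusionFqdn` host through the same policy and expects the origin's own certificate details in `commandRes`, with the SNI condition widened or a second condition added so that host is actually in scope. A short comment on the first entry, saying what `defaultCert` identifies in the wget debug output, would also help whoever has to debug a failure.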
