diff options
| author | zhangchengwei <[email protected]> | 2022-05-27 21:30:15 +0800 |
|---|---|---|
| committer | zhangchengwei <[email protected]> | 2022-05-27 21:30:15 +0800 |
| commit | d4b34771e59b6f4d56e90763a4d838272d15ce26 (patch) | |
| tree | 54744cdea90c99953b877fb213ed5b7ff95836c3 | |
| parent | d1cc65ebb0480dbb5674272f6d895f915f9c3891 (diff) | |
| parent | e5472ff1f443450d4934c4f93168544520428a34 (diff) | |
Merge remote-tracking branch 'origin/develop' into develop
21 files changed, 2785 insertions, 65 deletions
diff --git a/case/policies/proxy/priority/proxy_http_priority_tests.robot b/case/policies/proxy/priority/proxy_http_priority_tests.robot new file mode 100644 index 0000000..56fe873 --- /dev/null +++ b/case/policies/proxy/priority/proxy_http_priority_tests.robot @@ -0,0 +1,1016 @@ +*** Settings *** +Test Setup LoginAndAddLocalIP +Test Teardown DeletePolicyAndObject1 ${policyIds} ${objectids} ${url} ${profiledId} ${categoryIds} +Force Tags tsg_adc_wp adc_api security_policy +Library OperatingSystem +Resource ../../../../keyword/common/systemcommand.robot +# Resource ../../keyword/common/log_variable.robot +Resource ../../../../keyword/common/file_operation.robot +Resource ../../../../keyword/objects/object.robot +Resource ../../../../keyword/policys/policy.robot +Resource ../../../../keyword/common/login_logout_switch.robot +Library ../../../../customlib/verify_policy.py + +*** Variables *** +${policyIds} ${EMPTY} +${objectids} ${EMPTY} +${url} ${EMPTY} +${profiledId} ${EMPTY} +${categoryIds} ${EMPTY} + +*** Test Cases *** +proxy_policy_allow_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.yumi.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=allow userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=allow userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.yumi.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId3} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- http://www.yumi.com/ commandRes=玉米网 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.yumi.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_deny_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*newsela.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=deny userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=deny userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "newsela.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId3} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://newsela.com/ commandRes=Error 404 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=newsela.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_monitor_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.facebook.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest action=monitor userRegion={"method":"monitor","protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest action=monitor userRegion={"method":"monitor","protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.facebook.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId3} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://www.facebook.com/ commandRes=defaultCert logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.facebook.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_redirect_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.yumi.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=yumi isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=manipulation userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=manipulation userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.yumi.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.yumi.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} ${url} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId3} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- http://www.yumi.com/ commandRes=301 Moved Permanently logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.yumi.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_replace_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$destidotcom.wordpress.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=wordpress.com/contact/ isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=1 action=manipulation userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"Artificial","replace_with":"明天你好"}],"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=1 action=manipulation userRegion={"method":"replace","rules":[{"search_in":"http_resp_body","find":"Artificial","replace_with":"明天你好"}],"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "destidotcom.wordpress.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "wordpress.com/contact/"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${url} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId3} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://destidotcom.wordpress.com/contact/ commandRes=明天你好 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=destidotcom.wordpress + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_hijack_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*lexus.ru isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=www.lex* isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + + Comment 创建hijack文件 + ${url} Set Variable /v1/policy/profile/hijackfiles + ${response} CreatePolicyFile2 ${url} ${path}/hijack_files/ Create-hijack Files-test-3.html hijack + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest action=manipulation userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} doLog=2 filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest action=manipulation userRegion={"method":"hijack","hijack_profile":${profiledId},"protocol":"HTTP"} doLog=2 filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "lexus.ru"} + ${url} Create Dictionary attributeType=string attributeName=url appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.lex"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} ${url} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId3} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://www.lexus.ru/ commandRes=小蛇 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=lexus.ru + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + #删除文件 + ${url} Set Variable /v1/policy/profile/hijackfiles + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_insert_http_idPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.meilleurmobile.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=meilleurmobile isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + + Comment 创建insert文件 + ${url} Set Variable /v1/policy/profile/insertscripts + ${response} CreatePolicyFile2 ${url} ${path}/insert_files/ Create-insert Scripts-test-1.js insert + ${profiledId} Get From Dictionary ${response} profileId + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest action=manipulation doLog=1 userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest action=manipulation doLog=1 userRegion={"method":"insert","insert_profile":${profiledId},"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId3} + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.meilleurmobile.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "meilleurmobile"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} ${url} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://www.meilleurmobile.com/ commandRes=tfe logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.meilleurmobile.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + ${objectids} Catenate SEPARATOR=, ${objectids} ${objectId1} + + #删除文件 + ${url} Set Variable /v1/policy/profile/insertscripts + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + + +proxy_policy_http_actionPriority_001 + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.yumi.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=allow userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=deny userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.yumi.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- http://www.yumi.com/ commandRes=玉米网 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.yumi.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_http_actionPriority_002 + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*newsela.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建url + ${addItemList1} Create Dictionary keywordArray=newsela.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=url objectSubType=url isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId1} AddObjects ${1} ${objectDict} + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=deny userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=manipulation userRegion={"method":"redirect","to":"http://www.iceo.com.cn/renwu2013/","code":301,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST,${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "newsela.com"} + ${url} Create Dictionary attributeType=string attributeName=url appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "newsela.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} ${url} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://newsela.com/ commandRes=Error 404 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=newsela.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_allow_http_conditionPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.yumi.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=allow userRegion={"method":"allow","protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=allow userRegion={"method":"allow","protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.yumi.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- http://www.yumi.com/ commandRes=玉米网 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.yumi.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_deny_http_conditionPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*newsela.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=deny userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest doLog=2 action=deny userRegion={"method":"block","message":"涨涨涨涨","code":404,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "newsela.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://newsela.com/ commandRes=Error 404 logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=newsela.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2} + +proxy_policy_monitor_http_conditionPriority + [Tags] idPriority + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.facebook.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + + Comment 创建安全策略 + ${policyDict} Create Dictionary policyName=security-intercept-http+ssl policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1619,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} isValid=${1} appIdObjects=${SSL_ID},${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建代理策略1 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_1 policyType=pxy_manipulation policyDesc=autotest action=monitor userRegion={"method":"monitor","protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + + Comment 创建代理策略2 + ${policyDict} Create Dictionary policyName=${TEST_NAME}_2 policyType=pxy_manipulation policyDesc=autotest action=monitor userRegion={"method":"monitor","protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId3} Set Variable ${policyId}[0] + + + sleep 60 + Comment 策略验证 + ${fqdn} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "www.facebook.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=pxy_manipulation verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://www.facebook.com/ commandRes=defaultCert logType=proxy_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.facebook.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyTemp1} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1}]} + ${policyTemp2} Set Variable {"policyType":"pxy_manipulation","policyIds":[${policyId2},${policyId3}]} + ${policyIds} Create List ${policyTemp1} ${policyTemp2}
\ No newline at end of file diff --git a/case/policies/security/http.robot b/case/policies/security/http.robot index cefa77d..7d7b9b0 100644 --- a/case/policies/security/http.robot +++ b/case/policies/security/http.robot @@ -99,9 +99,9 @@ deny-resheader-substring # [Tags] SingleFilter Reset Rate Limit # ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/http/security-http-deny-url-reqbody-prefix-data.yaml ${TEST NAME} -deny-url-reqbody-substring +deny-url-resbody-substring [Tags] SingleFilter Reset Rate Limit - ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/http/security-http-deny-url-reqbody-substring-data.yaml ${TEST NAME} + ${objectIds} ${policyIds} PolilcysByTemplate ${path}/data/security/http/security-http-deny-url-resbody-substring-data.yaml ${TEST NAME} # deny-url-reqbody-exactly # [Tags] SingleFilter Reset Rate Limit diff --git a/case/policies/security/priority/security_dns_priority_tests.robot b/case/policies/security/priority/security_dns_priority_tests.robot index ec67669..fcbdb9f 100644 --- a/case/policies/security/priority/security_dns_priority_tests.robot +++ b/case/policies/security/priority/security_dns_priority_tests.robot @@ -160,4 +160,275 @@ security_policy_monitor_dns_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_dns_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"DNS"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "ngrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup tengrinews.kz commandRes=tengrinews.kz logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_dns_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_dns_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"DNS","method":"drop"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup www.youtube.com -timeout=1 commandRes=connection timed out logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_dns_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$www.youtube.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_dns_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny doLog=1 userRegion={"protocol":"DNS","method":"drop"} isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId1} + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_dns_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny doLog=1 userRegion={"protocol":"DNS","method":"drop"} filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "www.youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string":"${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup www.youtube.com -timeout=1 commandRes=connection timed out logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_dns_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*ngrinews.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_dns_idPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} doLog=1 isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_dns_idPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"DNS"} doLog=1 filterList=${objectId}|TSG_FIELD_DNS_QNAME isValid=${1} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${qname_fqdn} Create Dictionary attributeType=string attributeName=qname appId=${DNS_VID} appName=dns protocol=dns attributeValue={"string": "ngrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${DNS_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${qname_fqdn} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=nslookup tengrinews.kz commandRes=tengrinews.kz logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=dns_qname queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_ftp_priority_tests.robot b/case/policies/security/priority/security_ftp_priority_tests.robot index 21dfeb3..02fee2d 100644 --- a/case/policies/security/priority/security_ftp_priority_tests.robot +++ b/case/policies/security/priority/security_ftp_priority_tests.robot @@ -155,4 +155,266 @@ security_policy_monitor_ftp_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_ftp_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"FTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=autotest logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_ftp_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ftp_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_ftp_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=ftpu* isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_ftp_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} doLog=1 isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_ftp_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"FTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_ftp_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建Account + ${addItemList1} Create Dictionary keywordArray=ftpuser isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=account objectSubType=account isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ftp_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} doLog=1 isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ftp_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"FTP"} doLog=1 filterList=${objectId}|TSG_FIELD_FTP_ACCOUNT isValid=${1} appIdObjects=${FTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${account} Create Dictionary attributeType=string attributeName=account appId=${FTP_VID} appName=ftp protocol=ftp attributeValue={"string": "ftpuser"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${FTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${account} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary ftpUrl=/autoFtp/english.txt hopeResult=autotest logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ftp_account queryValue=ftpuser + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteFtpCommand ${verify} ${loginInfo} ${defaultFtpInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_http_priority_tests.robot b/case/policies/security/priority/security_http_priority_tests.robot index aeb5ee8..dacf1b5 100644 --- a/case/policies/security/priority/security_http_priority_tests.robot +++ b/case/policies/security/priority/security_http_priority_tests.robot @@ -301,3 +301,416 @@ security_policy_intercept_http_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_http_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "bler.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.nymbler.com/ commandRes=nymbler logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.nymbler.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_http_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_http_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "scoutbahamas.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://scoutbahamas.org/ commandRes=ScoutBahamas logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=scoutbahamas.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_allow_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$scoutbahamas.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_allow_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_allow_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "scoutbahamas.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://scoutbahamas.org/ commandRes=ScoutBahamas logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=scoutbahamas.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$by.841k.cn isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"HTTP","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "by.841k.cn"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 http://by.841k.cn/home/user/index.html commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=by.841k.cn + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*w.hkbchina.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "w.hkbchina.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.hkbchina.com/portal/zh_CN/home/index.html commandRes=汉口银行 logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.hkbchina.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_intercept_http_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*bler.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_intercept_http_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} doLog=1 isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_intercept_http_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} doLog=1 filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=${HTTP_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${http_host} Create Dictionary attributeType=string attributeName=host appId=${HTTP_VID} appName=http protocol=http attributeValue={"string": "bler.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${HTTP_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${http_host} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget -q -O- http://www.nymbler.com/ commandRes=nymbler logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=http_host queryValue=www.nymbler.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_mail_priority_tests.robot b/case/policies/security/priority/security_mail_priority_tests.robot index ac38fe9..ac9b654 100644 --- a/case/policies/security/priority/security_mail_priority_tests.robot +++ b/case/policies/security/priority/security_mail_priority_tests.robot @@ -155,5 +155,267 @@ security_policy_monitor_mail_idPriority #删除策略 ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} + +security_policy_mail_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"MAIL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=root logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_mail_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_mail_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_mail_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=halashaogusina isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_mail_idPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} doLog=1 isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_mail_idPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"MAIL","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_mail_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建ATT_CONT + ${addItemList1} Create Dictionary keywordArray=halashaogusina isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=keywords objectSubType=keywords isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_mail_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} doLog=1 isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_mail_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"MAIL"} doLog=1 filterList=${objectId}|TSG_FIELD_MAIL_ATT_CONTENT isValid=${1} appIdObjects=${MAIL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${att_content_id} Create Dictionary attributeType=string attributeName=att_content appId=${MAIL_VID} appName=mail protocol=mail attributeValue={"string":"halashaogusina"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id protocol=mail attributeValue={"string": "${MAIL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${att_content_id} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${verify} Create Dictionary smtpServer=default mailFrom=default [email protected] mailPassword=default mailMessagePath=/mailTestFile/mailMessage/subjectEnglish.txt mailAttachPath=/mailTestFile/mailAttach/mail_test_english.txt hopeResult=root logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=mail_from [email protected] + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${logType} Get From Dictionary ${verify} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} EmailSend ${verify} ${loginInfo} ${defaultMailInfo} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/case/policies/security/priority/security_ssl_priority_tests.robot b/case/policies/security/priority/security_ssl_priority_tests.robot index faf65a4..84f4b45 100644 --- a/case/policies/security/priority/security_ssl_priority_tests.robot +++ b/case/policies/security/priority/security_ssl_priority_tests.robot @@ -301,3 +301,416 @@ security_policy_intercept_ssl_idPriority ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} ${policyIds} Create List ${policyIdTemp} +security_policy_ssl_actionPriority_001 + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_001-1 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建allow安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_001-2 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"SSL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "homebank.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://homebank.kz commandRes=Переводы logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=homebank.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_ssl_actionPriority_002 + Comment 创建monitor安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_002-1 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"SSL"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建deny安全策略 + ${policyDict} Create Dictionary policyName=security_policy_ssl_actionPriority_002-2 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} isValid=${0} appIdObjects=${DNS_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId2} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/ commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_allow_ssl_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$homebank.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_allow_ssl_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"SSL"} doLog=1 isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_allow_ssl_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=allow userRegion={"protocol":"SSL"} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "homebank.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=wget --debug -q -O- https://homebank.kz commandRes=Переводы logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=homebank.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_deny_ssl_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=*youtube.com isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_deny_ssl_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} doLog=1 isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_deny_ssl_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=deny userRegion={"protocol":"SSL","method":"reset"} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "youtube.com"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl --connect-timeout 10 -m 10 -kv --http1.0 https://www.youtube.com/ commandRes=Connection reset by peer logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=www.youtube.com + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_monitor_ssl_conditionPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$telegram.org isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ssl_conditionPriority_00001 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"SSL"} doLog=1 isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_monitor_ssl_conditionPriority_00002 policyType=tsg_security policyDesc=autotest action=monitor userRegion={"protocol":"SSL"} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "telegram.org"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl -kv --tlsv1.2 https://telegram.org/ commandRes=Telegram Messenger logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=telegram.org + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} + +security_policy_intercept_ssl_idPriority + [Tags] fqdn完整匹配 update policy:ip geo geography + Comment 创建fqdn + ${addItemList1} Create Dictionary keywordArray=$tengrinews.kz isHexbin=${0} + ${addItemLists} Create list ${addItemList1} + ${objectDict} Create Dictionary objectType=fqdn objectSubType=fqdn isValid=${1} addItemList=${addItemLists} + ${rescode} ${objectId} AddObjects ${1} ${objectDict} + Comment 创建安全策略1 + ${policyDict} Create Dictionary policyName=security_policy_intercept_ssl_idPriority_00001 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId1} Set Variable ${policyId}[0] + + Comment 创建安全策略2 + ${policyDict} Create Dictionary policyName=security_policy_intercept_ssl_idPriority_00002 policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"traffic_mirror":{"enable":0,"mirror_profile":null}} doLog=1 filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=${SSL_ID} + log ${policyDict} + ${rescode} ${policyId} AddPolicies 1 ${policyDict} v2 + ${policyId} GetPids ${policyId} + ${policyId2} Set Variable ${policyId}[0] + ${logPolicyId} Convert to String ${policyId2} + sleep 60 + Comment 策略验证 + ${sni} Create Dictionary attributeType=string attributeName=sni appId=${SSL_VID} appName=ssl protocol=ssl attributeValue={"string": "tengrinews.kz"} + ${app_id} Create Dictionary attributeType=string attributeName=app_id attributeValue={"string": "${SSL_VID}"} + ${subscriberid} Create Dictionary attributeType=string attributeName=subscriberid attributeValue={"string": "test56"} + ${ipsource} Create Dictionary attributeType=ip attributeName=source attributeValue={"ip":"${testClentIP}","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_SOURCE_ADDR"} + ${ipdestination} Create Dictionary attributeType=ip attributeName=destination attributeValue={"ip":"254.253.252.251","port":"1","addrType":4,"protocol":"6","tableName":"TSG_SECURITY_DESTINATION_ADDR"} + # 合成attributes字典集 + ${attributes} Create List ${app_id} ${subscriberid} ${ipsource} ${ipdestination} ${sni} + log ${attributes} + ${verifySession} Create Dictionary attributes=${attributes} + ${verifyList} Create Dictionary policyType=tsg_security verifySession=${verifySession} + log ${verifyList} + ${rescode} ${resData} VerifyPolicies ${verifyList} + # 打印检查结果 + ${objectid_verify} Set Variable ${objectId} + ${objectid_verify} Catenate SEPARATOR=, ${objectid_verify} ${policyId1} + # # 调用关键字 提取应答json获取其中所有的id值,并判断新下发的id值是否在应答json的id中 + log ${objectid_verify} + ${testType} Evaluate type($objectid_verify) + ${testType} Evaluate type($resData) + log ${resData} + ${ok} VerifyProxy ${resData} ${objectid_verify} + Should Be Equal As Strings ${ok} true + + Comment 验证效果 + ${loginInfo} Run Keyword If "${incomingClientInfo}"!="${EMPTY}" Set Variable ${incomingClientInfo} + ... ELSE Set Variable ${defaultClientInfo} + + ${commandMessage} Create Dictionary command=curl -kv --tlsv1.2 https://tengrinews.kz/ commandRes=TSG CA logType=security_event + ${logQueryParam} Create Dictionary queryFiledKey=ssl_sni queryValue=tengrinews.kz + ${logQueryParam} Create List ${logQueryParam} + # ${logQueryParam} Create Dictionary logQueryParam=[{'queryFiledKey':'common_schema_type','queryValue':'FTP'}] + ${command} Get From Dictionary ${commandMessage} command + ${commandRes} Get From Dictionary ${commandMessage} commandRes + ${logType} Get From Dictionary ${commandMessage} logType + + ${hopeSuccessNumber} Set Variable 1 + ${excuteSuccessful} ${reachExcuteFail} ${unReachable} ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} + + Run Keyword And Continue On Failure Should Be True ${excuteSuccessful}>=${hopeSuccessNumber} + Log To Console 可达且执行成功:${excuteSuccessful}个,可达但执行失败:${reachExcuteFail}个,不可达:${unReachable}个 + + #删除对象 + ${objectids} Set Variable ${objectId} + + #删除策略 + ${policyIdTemp} Set Variable {"policyType":"tsg_security","policyIds":[${policyId1},${policyId2}]} + ${policyIds} Create List ${policyIdTemp} diff --git a/keyword/common/clear_data.robot b/keyword/common/clear_data.robot index 4a6f85c..341e036 100644 --- a/keyword/common/clear_data.robot +++ b/keyword/common/clear_data.robot @@ -10,6 +10,7 @@ Resource common.robot *** Variables ***
${policyUrl} /policy/compile
${decryptionProfileUrl} /policy/profile/decryption
+${decryptionExclusionUrl} /policy/items
*** Keywords ***
DeletePolicyAndObjectAndOther
[Documentation] delete :policy object category app signature profile ...
@@ -36,6 +37,9 @@ DeletePolicyAndObjectAndOther #删除SSL 解密配置文件
Run Keyword If "${createDecryptionProfileds}"=="${EMPTY}" log no SSL Decryption profiledId to del
... ELSE DeleteProfileByIds /${version}${decryptionProfileUrl} ${createDecryptionProfileds}
+ #删除SSL 解密流量排除文件
+ Run Keyword If "${createDecryptionExclusionIds}"=="${EMPTY}" log no SSL Decryption exclusion to del
+ ... ELSE DeleteExclusionByIds /${version}${decryptionExclusionUrl} ${createDecryptionExclusionIds}
Run Keyword If "${appids}"=="${EMPTY}" log no appids to del
... ELSE DeleteApplicationByIds ${appids}
diff --git a/keyword/common/functional_keywords.robot b/keyword/common/functional_keywords.robot index cdefd9e..90501dd 100644 --- a/keyword/common/functional_keywords.robot +++ b/keyword/common/functional_keywords.robot @@ -297,4 +297,17 @@ DeleteProfileByIds Should Be Equal As Strings ${response_code} 200
#Integer ${response_code} 200
${response} Convert to String ${response}
- log ${response}
\ No newline at end of file + log ${response}
+
+DeleteExclusionByIds
+ [Arguments] ${typeUrl} ${exclusionItemIds}
+ log DeleteProfile
+ log ${exclusionItemIds}
+ ${response} BaseDeleteRequest ${typeUrl} {"itemType":"fqdn","itemIds":${exclusionItemIds},"objectIds":[1]}
+ ${response_code} Get From Dictionary ${response} code
+ #log aaaaaaaaaa:${response_code}
+ Should Be Equal As Strings ${response_code} 200
+ #Integer ${response_code} 200
+ ${response} Convert to String ${response}
+ log ${response}
+ [Return] ${response}
\ No newline at end of file diff --git a/keyword/common/login_logout.robot b/keyword/common/login_logout.robot index ee02b6d..9e117de 100644 --- a/keyword/common/login_logout.robot +++ b/keyword/common/login_logout.robot @@ -149,11 +149,16 @@ InitTemplate ${toJson} json.Dumps ${testinMode} SET GLOBAL VARIABLE ${packetCaptureModeJson} ${toJson} - #SSL解密配置文件模板模板 + #SSL解密配置文件模板 ${testinMode} Get From Dictionary ${LOADED} ssl_decryption_profiles_template ${toJson} json.Dumps ${testinMode} SET GLOBAL VARIABLE ${decryptionProfileJson} ${toJson} + #SSL解密排除文件模板 + ${testinMode} Get From Dictionary ${LOADED} ssl_decryption_exclusion_template + ${toJson} json.Dumps ${testinMode} + SET GLOBAL VARIABLE ${decryptionExclusionJson} ${toJson} + ApiLogin [Tags] # 云测系统登录 @@ -206,6 +211,7 @@ ApiLogin SET GLOBAL VARIABLE ${createPolicyIds} ${EMPTY} SET GLOBAL VARIABLE ${createProfileds} ${EMPTY} SET GLOBAL VARIABLE ${createDecryptionProfileds} ${EMPTY} + SET GLOBAL VARIABLE ${createDecryptionExclusionIds} ${EMPTY} SET GLOBAL VARIABLE ${createPacketCapturePolicyIds} ${EMPTY} #云测平台登录令牌 SET GLOBAL VARIABLE ${sid} ${sidCode} diff --git a/keyword/policys/policy.robot b/keyword/policys/policy.robot index 500521b..fdcdeb1 100644 --- a/keyword/policys/policy.robot +++ b/keyword/policys/policy.robot @@ -22,6 +22,7 @@ Resource ../../keyword/common/common_interface.robot *** Variables ***
${policyUrl} /policy/compile
${decryptionProfileUrl} /policy/profile/decryption
+${decryptionExclusionUrl} /policy/items
*** Keywords ***
#get查询策略,传入字典对象,该方法将字典对象自动拼接成get请求查询条件
QueryPolicies
@@ -618,6 +619,8 @@ GetCommand ${commandRes} Run Keyword If "${commandRes}"=="defaultCert" Set Variable ${defaultCert}
... ELSE Set Variable ${commandRes}
${logQueryParam} Get From Dictionary ${verify} logQueryParam
+ ${type} Evaluate type(${logQueryParam})
+ log ${logQueryParam}
${hopeSuccessNumber} Get From Dictionary ${verify} hopeSuccessNumber
${excuteSuccessful} ${reachExcuteFail} ${unReachable} Run Keyword If ("${appHttpReturn}"=="PASS" or "${appHttpsReturn}"=="PASS" or "${appSslReturn}"=="PASS" or "${appDnsReturn}"=="PASS") and "${isGre}"!="1" ExcuteCommand ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId}
... ELSE IF ("${appHttpReturn}"=="PASS" or "${appSslReturn}"=="PASS") and "${isGre}"=="1" ExcuteGreCommand ${greClientInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId} ${grePort}
@@ -749,6 +752,7 @@ ExcuteFtpCommand ${isUTC} Evaluate ${tsgVersion}>=22.03
${starttime} Run Keyword If "${isUTC}"=="True" Get Current Date UTC exclude_millis=True
... ELSE Get Time
+ sleep 5
${returnConnect} ${connect} Run Keyword And Ignore Error Open Connection ${manageIp}
${returnLogin} ${login} Run Keyword And Ignore Error SSHLibrary.Login ${manageUser} ${managePassword}
${defaultFtpInfo} Replace String ${defaultFtpInfo} ' "
@@ -764,7 +768,7 @@ ExcuteFtpCommand # ${result} FTP_login ftp://${ftpHost}/${ftpUrl} -u ${ftpUserName}:${ftpPassword} ${ftpContent}
# ${returnIsExcute} ${result1} Run Keyword And Ignore Error Should Be Equal As Strings ${result} ${hopeResult}
- Write curl -m 10 ftp://${ftpHost}${ftpUrl} -u ${ftpUserName}:${ftpPassword}
+ ${returnFtp} ${ftp} Run Keyword And Ignore Error Write curl -m 10 ftp://${ftpHost}${ftpUrl} -u ${ftpUserName}:${ftpPassword}
${return} ${res} Run Keyword And Ignore Error Read delay=15s
${returnIsExcute} ${excute} Run Keyword And Ignore Error Should Contain ${res} ${hopeResult}
@@ -802,6 +806,7 @@ EmailSend ${isUTC} Evaluate ${tsgVersion}>=22.03
${starttime} Run Keyword If "${isUTC}"=="True" Get Current Date UTC exclude_millis=True
... ELSE Get Time
+ sleep 5
${returnConnect} ${connect} Run Keyword And Ignore Error Open Connection ${manageIp}
${returnLogin} ${login} Run Keyword And Ignore Error SSHLibrary.Login ${manageUser} ${managePassword}
@@ -880,7 +885,7 @@ GetMailVerifyResult ExcuteCommand
[Documentation]
- ...
+ ... 在linux服务器上执行对应的命令
[Arguments] ${loginInfo} ${command} ${commandRes} ${logQueryParam} ${logType} ${logPolicyId}
${unReachable} Set Variable 0
${reachExcuteFail} Set Variable 0
@@ -1205,6 +1210,13 @@ CreatePolicysAndObjects ... 返回参数${objectId}格式:[107582, 107583]
... 返回参数:${policyId} [{'objectId': 107582, 'protocolField': 'TSG_SECURITY_SOURCE_ADDR'},{'objectId': 107583, 'protocolField': 'TSG_SECURITY_SOURCE_ADDR'}]
[Arguments] ${policyData} ${testName} ${editPolicyId}=${EMPTY}
+
+
+ ${return} ${exclusionFqdn} Run Keyword And Ignore Error Get From Dictionary ${policyData} exclusionFqdn
+ ${exclusionItemId} Run Keyword If "${return}"=="FAIL" Set Variable ${EMPTY}
+ ... ELSE CreateSslDecryptionExclusion ${exclusionFqdn}
+
+
Log To Console Call CreatePolicysAndObjects
Comment 获取模板
Comment ${policyModeJson}策略模板取自全局变量
@@ -1431,12 +1443,22 @@ CreatePolicysAndObjects Log ${policyVerifyJson}
[Return] ${objectIds} ${policyIds} ${policyVerifyJson} ${atributeObjectIds}
+CreateSslDecryptionExclusion
+ [Documentation] 新建解密流量排除fqdn
+ [Arguments] ${exclusionFqdn}
+ Comment 获取模板
+ Comment ${decryptionExclusionJson}策略模板取自全局变量
+ log ${decryptionExclusionJson}
+ ${decryptionExclusionJson} Set Variable ${decryptionExclusionJson}
+ ${decryptionExclusionJson} Replace String ${decryptionExclusionJson} "keywordArray": [null] "keywordArray": ["${exclusionFqdn}"]
+ ${decryptionExclusionJson} json.loads ${decryptionExclusionJson}
+ log ${decryptionExclusionJson}
+ ${exclusionItemId} CreateDecryptionExclusion ${decryptionExclusionJson}
+ [Return] ${exclusionItemId}
+
CreateSslDecryptionProfile
[Documentation] 新建DecryptionProfile文件
[Arguments] ${decryptionProfile}
- # ${yamlData} OperatingSystem.Get File ${defaultFilePath}
- # ... ELSE OperatingSystem.Get File ${dataFilePath}
- # ${loadedData}= yaml.Safe Load ${yamlData}
Comment 获取模板
Comment ${decryptionProfileJson}策略模板取自全局变量
${decryptionProfileJson} Set Variable ${decryptionProfileJson}
@@ -1491,8 +1513,7 @@ CreateSslDecryptionProfile ${decryptionProfileJson} json.loads ${decryptionProfileJson}
log ${decryptionProfileJson}
${profiledId} CreateDecryptionProfile ${decryptionProfileJson}
- [Return] ${profiledId}
-
+ [Return] ${profiledId}
CreateDecryptionProfile
[Documentation]
... 创建SSL解密配置文件
@@ -1511,6 +1532,24 @@ CreateDecryptionProfile SET GLOBAL VARIABLE ${createDecryptionProfileds} ${createDecryptionProfiledsTemp}
[Return] ${profiledId}
+CreateDecryptionExclusion
+ [Documentation]
+ ... 创建SSL解密配置文件
+ [Arguments] ${decryptionExclusionJson} ${code}=null
+ ${returnData} Get From Dictionary ${decryptionExclusionJson} returnData
+ ${bodyJson} json.Dumps ${decryptionExclusionJson}
+ log ${bodyJson}
+ ${response} BasePostRequestForV2 ${decryptionExclusionUrl} ${bodyJson} ${version}
+ log ${response}
+
+ ${list} Set Variable ${response['data']['itemList']}
+ ${exclusionItemId} Set Variable ${list[0]['itemId']}
+ ${exclusionItemIdList} Create List ${exclusionItemId}
+ ${createDecryptionExclusionIdsTemp} Run Keyword If "${createDecryptionExclusionIds}"!="${EMPTY}" AppendListToList ${createDecryptionExclusionIds} ${exclusionItemIdList}
+ ... ELSE Set Variable ${exclusionItemIdList}
+ SET GLOBAL VARIABLE ${createDecryptionExclusionIds} ${createDecryptionExclusionIdsTemp}
+ [Return] ${exclusionItemId}
+
GetProfileMessage
[Arguments] ${html_profile}
${responseUrl} Get From Dictionary ${html_profile} responseUrl
diff --git a/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml b/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml index 21ece86..38ccc09 100644 --- a/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml +++ b/other/data/proxy/http/proxy-http-edit_element-url-reqbody-data.yaml @@ -70,7 +70,7 @@ "contained_keyword": "test" "target_element": "target_distance_from_matching": 0 - "element_treatment": "remove" + "element_treatment": "mark" "userTags": "" "doBlacklist": 0 "doLog": 2 diff --git a/other/data/security/ftp/security-ftp-deny-uri-exactly-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-exactly-data.yaml index 06850b8..6bd8af8 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-exactly-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-exactly-data.yaml @@ -39,7 +39,7 @@ "objectList": - "addItemList": - "keywordArray": - - "$ftp://192.168.90.158/autoFtp/english.txt" + - "$ftp://192.168.40.158/autoFtp/english.txt" - "opAction": "update" "returnData": 1 @@ -81,7 +81,7 @@ "objectList": - "addItemList": - "keywordArray": - - "$ftp://192.168.90.158/autoFtp/english_big.txt" + - "$ftp://192.168.40.158/autoFtp/english_big.txt" - "opAction": "add" "returnData": 1 @@ -122,7 +122,7 @@ "objectList": - "addItemList": - "keywordArray": - - "$ftp://192.168.90.158/autoFtp/english.txt" + - "$ftp://192.168.40.158/autoFtp/english.txt" - "opAction": "add" "returnData": 1 @@ -162,4 +162,4 @@ "objectList": - "addItemList": - "keywordArray": - - "$ftp://192.168.90.158/autoFtp/english.txt" + - "$ftp://192.168.40.158/autoFtp/english.txt" diff --git a/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml index 9a7d2c2..5416094 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-prefix-data.yaml @@ -3,7 +3,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0001" + "policyName": "security-ftp-deny-uri-prefix-0001" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -39,12 +39,12 @@ "objectList": - "addItemList": - "keywordArray": - - "ftp://192.168.90*" + - "ftp://192.168.*" - "opAction": "update" "returnData": 1 - "policyName": "security-mail-deny-only-IpAndApplication-0001-1" + "policyName": "security-mail-deny-uri-prefix-0001-1" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -82,11 +82,11 @@ "objectList": - "addItemList": - "keywordArray": - - "ftp://192.168.90*" + - "ftp://192.168.40*" - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0002" + "policyName": "security-ftp-deny-uri-prefix-0002" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -123,11 +123,11 @@ "objectList": - "addItemList": - "keywordArray": - - "ftp://192.168.90*" + - "ftp://192.168.40*" - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0003" + "policyName": "security-ftp-deny-uri-prefix-0003" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -163,4 +163,4 @@ "objectList": - "addItemList": - "keywordArray": - - "ftp://192.168.90*" + - "ftp://192.168.40*" diff --git a/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml index 98e8c05..000e52e 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-substring-data.yaml @@ -3,7 +3,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0001" + "policyName": "security-ftp-deny-uri-substring-0001" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -43,7 +43,7 @@ - "opAction": "update" "returnData": 1 - "policyName": "security-mail-deny-only-IpAndApplication-0001-1" + "policyName": "security-mail-deny-uri-substring-0001-1" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -85,7 +85,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0002" + "policyName": "security-ftp-deny-uri-substring-0002" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -126,7 +126,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0003" + "policyName": "security-ftp-deny-uri-substring-0003" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 diff --git a/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml b/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml index 3a563f6..8f1c9e9 100644 --- a/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml +++ b/other/data/security/ftp/security-ftp-deny-uri-suffix-data.yaml @@ -3,7 +3,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0001" + "policyName": "security-ftp-deny-uri-suffix-0001" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -40,11 +40,10 @@ - "addItemList": - "keywordArray": - "*english.txt" - - "opAction": "update" "returnData": 1 - "policyName": "security-mail-deny-only-IpAndApplication-0001-1" + "policyName": "security-mail-deny-uri-suffix-0001-1" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -86,7 +85,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0002" + "policyName": "security-ftp-deny-uri-suffix-0002" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 @@ -127,7 +126,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-ftp-deny-only-IpAndApplication-0003" + "policyName": "security-ftp-deny-uri-suffix-0003" "policyType": "tsg_security" "logType": "security_event" "isGre": 0 diff --git a/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml b/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml index e606cec..4a8a3b3 100644 --- a/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml +++ b/other/data/security/ftp/security-ftp-monitor-uri-exactly-data.yaml @@ -40,4 +40,4 @@ "objectList": - "addItemList": - "keywordArray": - - "$ftp://192.168.90.158/autoFtp/english.txt" + - "$ftp://192.168.40.158/autoFtp/english.txt" diff --git a/other/data/security/ftp/security-ftp-monitor-uri-prefix-data.yaml b/other/data/security/ftp/security-ftp-monitor-uri-prefix-data.yaml index e21dc92..28564ce 100644 --- a/other/data/security/ftp/security-ftp-monitor-uri-prefix-data.yaml +++ b/other/data/security/ftp/security-ftp-monitor-uri-prefix-data.yaml @@ -40,4 +40,4 @@ "objectList": - "addItemList": - "keywordArray": - - "ftp://192.168.90.158*" + - "ftp://192.168.40.158*" diff --git a/other/data/security/ftp/security-ftp-monitor-uri-substring-data.yaml b/other/data/security/ftp/security-ftp-monitor-uri-substring-data.yaml index 95b1cfe..3255579 100644 --- a/other/data/security/ftp/security-ftp-monitor-uri-substring-data.yaml +++ b/other/data/security/ftp/security-ftp-monitor-uri-substring-data.yaml @@ -40,5 +40,5 @@ "objectList": - "addItemList": - "keywordArray": - - "ftp://192.168.90.158" + - "ftp://192.168.40.158" diff --git a/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml b/other/data/security/http/security-http-deny-url-resbody-substring-data.yaml index a7ad8e4..311a66e 100644 --- a/other/data/security/http/security-http-deny-url-reqbody-substring-data.yaml +++ b/other/data/security/http/security-http-deny-url-resbody-substring-data.yaml @@ -1,9 +1,9 @@ #注意keywordArray下的关键字必须为数组形式 -"deny-url-reqbody-substring_data": +"deny-url-resbody-substring_data": - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-substring-001" + "policyName": "security-http-deny-url-resbody-substring-001" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -24,7 +24,7 @@ - "hopeSuccessNumber": 1 "command": 'curl --connect-timeout 5 -m 10 http://tool.haooyou.com/code?group=convert&type=strToHex&charset=UTF-8 | iconv -f utf-8 -t gbk' - "commandRes": "Connection reset by peer" + "commandRes": "timed out" "logQueryParam": - "queryFiledKey": "http_host" @@ -33,14 +33,6 @@ "scheduleId": "condation": - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "*aooyou.com" - - "protocolField": "TSG_FIELD_HTTP_URL" "objectType": "url" "objectSubType": "" @@ -59,7 +51,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-substring-002" + "policyName": "security-http-deny-url-resbody-substring-002" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -90,14 +82,6 @@ "scheduleId": "condation": - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "*aooyou.com" - - "protocolField": "TSG_FIELD_HTTP_URL" "objectType": "url" "objectSubType": "" @@ -116,7 +100,7 @@ - "opAction": "add" "returnData": 1 - "policyName": "security-http-deny-url-reqbody-substring-003" + "policyName": "security-http-deny-url-resbody-substring-003" "policyType": "tsg_security" "logType": "security_event" "action": "deny" @@ -147,14 +131,6 @@ "scheduleId": "condation": - - "protocolField": "TSG_FIELD_HTTP_HOST" - "objectType": "fqdn" - "objectSubType": "" - "objectList": - - "addItemList": - - "keywordArray": - - "*aooyou.com" - - "protocolField": "TSG_FIELD_HTTP_URL" "objectType": "url" "objectSubType": "" diff --git a/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml b/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml new file mode 100644 index 0000000..ed2ae78 --- /dev/null +++ b/other/data/security/ssl/security-ssl-intercept-decryption-exclusion-data.yaml @@ -0,0 +1,46 @@ +#注意keywordArray下的关键字必须为数组形式 +"intercept-decryption-exclusion_data": + - + "opAction": "add" + "returnData": 1 + "policyName": "security-ssl-intercept-decryption-exclusion-0001" + "policyType": "tsg_security" + "logType": "security_event" + "isGre": 0 + "action": "intercept" + "keyring": 1 + "decryption": 1 + "exclusionFqdn": "$www.example.com" + "traffic_mirror": + "enable": 0 + "mirror_profile": + "userTags": "" + "doBlacklist": 0 + "doLog": 1 + "policyDesc": "autotest" + "effectiveRange": + "userRegion": + "appIdObjects": + - "ssl" + "appSelectorObjects": + "isTestMachine": 1 + "testMachine": + - + "hopeSuccessNumber": 1 + "command": "wget --debug -q -O- https://wrong.host.badssl.com/" + "commandRes": "defaultCert" + "logQueryParam": + - + "queryFiledKey": "ssl_sni" + "queryValue": "wrong.host.badssl.com" + "isValid": 1 + "scheduleId": + "condation": + - + "protocolField": "TSG_FIELD_SSL_SNI" + "objectType": "fqdn" + "objectSubType": "" + "objectList": + - "addItemList": + - "keywordArray": + - "*ost.badssl.com" |