2026-06-18

fgtest-runner fgt_webfilter_curl.yaml

 SuiteID: fgt_webfilter_curl

Description: FortiGate WebFilter setting patterns with curl fact collection. No pass/fail judgment.


Targets:

  FGT:

    Type: FortiGate

    Host: %%FGT_HOST%%

    Vdom: %%FGT_VDOM%%

    ExpectedSerial: %%FGT_SERIAL%%

    TokenEnv: FGT_TOKEN

    SkipCertificateCheck: true


PreCleanup:

  - ID: delete_test_address_old

    Target: FGT

    Type: API

    Method: DELETE

    Endpoint: /api/v2/cmdb/firewall/address/%%TEST_ADDR_NAME%%


Setup:

  - ID: create_test_address

    Target: FGT

    Type: API

    Method: POST

    Endpoint: /api/v2/cmdb/firewall/address

    PayloadFormat: raw_json

    Payload: |

      {

        "name": "%%TEST_ADDR_NAME%%",

        "subnet": "%%CLIENT_IP%% %%CLIENT_MASK%%"

      }


# Settings are data rows. The runner applies each row to ApplySetting, runs all Requests, then cleans up.

Settings:

  - ID: wf_block_example_simple

    wf_url_pattern: "example.com/malware"

    wf_type: "simple"

    wf_action: "block"


  - ID: wf_allow_example_simple

    wf_url_pattern: "example.com/business"

    wf_type: "simple"

    wf_action: "allow"


  - ID: wf_monitor_example_wildcard

    wf_url_pattern: "*.example.org"

    wf_type: "wildcard"

    wf_action: "monitor"


ApplySetting:

  - ID: apply_urlfilter_entry

    Target: FGT

    Type: API

    Method: PUT

    Endpoint: /api/v2/cmdb/webfilter/urlfilter/%%URLFILTER_ID%%

    PayloadFormat: raw_json

    Payload: |

      {

        "entries": [

          {

            "id": 1,

            "url": "%%wf_url_pattern%%",

            "type": "%%wf_type%%",

            "action": "%%wf_action%%",

            "status": "enable"

          }

        ]

      }

    WaitAfterMs: 1000


Requests:

  - ID: curl_http_malware

    Target: LOCAL

    Type: Command

    Command: curl.exe

    TimeoutMs: 30000

    Args:

      - "-i"

      - "-L"

      - "--max-time"

      - "%%CURL_TIMEOUT_SEC%%"

      - "http://example.com/malware"


  - ID: curl_https_malware_insecure

    Target: LOCAL

    Type: Command

    Command: curl.exe

    TimeoutMs: 30000

    Args:

      - "-k"

      - "-i"

      - "-L"

      - "--max-time"

      - "%%CURL_TIMEOUT_SEC%%"

      - "https://example.com/malware"


  - ID: curl_http_business

    Target: LOCAL

    Type: Command

    Command: curl.exe

    TimeoutMs: 30000

    Args:

      - "-i"

      - "-L"

      - "--max-time"

      - "%%CURL_TIMEOUT_SEC%%"

      - "http://example.com/business"


  - ID: get_fgt_system_status_after_request

    Target: FGT

    Type: API

    Method: GET

    Endpoint: /api/v2/monitor/system/status


CleanupSetting:

  - ID: clear_urlfilter_entries

    Target: FGT

    Type: API

    Method: PUT

    Endpoint: /api/v2/cmdb/webfilter/urlfilter/%%URLFILTER_ID%%

    PayloadFormat: raw_json

    Payload: |

      {

        "entries": []

      }

    WaitAfterMs: 500


Teardown:

  - ID: delete_test_address

    Target: FGT

    Type: API

    Method: DELETE

    Endpoint: /api/v2/cmdb/firewall/address/%%TEST_ADDR_NAME%%


By at