From 8c2ef1bc0b44f68ee2210c11702514ae39b8a4c9 Mon Sep 17 00:00:00 2001 From: jhughesbiot Date: Wed, 20 Sep 2023 14:47:08 -0600 Subject: [PATCH 1/3] Mount root_certs to test containers --- framework/python/src/test_orc/test_orchestrator.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/framework/python/src/test_orc/test_orchestrator.py b/framework/python/src/test_orc/test_orchestrator.py index d8ae4b5f2..d4b72c55e 100644 --- a/framework/python/src/test_orc/test_orchestrator.py +++ b/framework/python/src/test_orc/test_orchestrator.py @@ -256,6 +256,9 @@ def _run_test_module(self, module): device_test_dir = os.path.join(self._root_path, RUNTIME_DIR, device.mac_addr.replace(":", "")) + root_certs_dir = os.path.join(self._root_path,DEVICE_ROOT_CERTS) + + container_runtime_dir = os.path.join(device_test_dir, module.name) os.makedirs(container_runtime_dir, exist_ok=True) @@ -293,6 +296,10 @@ def _run_test_module(self, module): source=device_monitor_capture, type="bind", read_only=True), + Mount(target="/testrun/root_certs", + source=root_certs_dir, + type="bind", + read_only=True) ], environment={ "HOST_USER": self._host_user, From 9de8380ecbfdc166d508c1c1b104e7f94e870f32 Mon Sep 17 00:00:00 2001 From: jhughesbiot Date: Wed, 20 Sep 2023 14:48:37 -0600 Subject: [PATCH 2/3] Add allow option to nmap ports Fix https failure detection in http test --- modules/test/nmap/conf/module_config.json | 10 ++++++++++ modules/test/nmap/python/src/nmap_module.py | 9 ++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/modules/test/nmap/conf/module_config.json b/modules/test/nmap/conf/module_config.json index c7aa644f8..1f7ae74a9 100644 --- a/modules/test/nmap/conf/module_config.json +++ b/modules/test/nmap/conf/module_config.json @@ -121,6 +121,16 @@ { "number": 80, "type": "udp" + }, + { + "number": 443, + "type": "tcp", + "allowed": true + }, + { + "number": 443, + "type": "udp", + "allowed": true } ] } diff --git a/modules/test/nmap/python/src/nmap_module.py b/modules/test/nmap/python/src/nmap_module.py index 693472d47..ea1c83baf 100644 --- a/modules/test/nmap/python/src/nmap_module.py +++ b/modules/test/nmap/python/src/nmap_module.py @@ -151,14 +151,15 @@ def _check_results(self, ports, services): for open_port, open_port_info in self._scan_results.items(): for port in ports: - + allowed = True if 'allowed' in port and port['allowed'] else False if (int(open_port_info["number"]) == int(port["number"]) and open_port_info["tcp_udp"] == port["type"] and open_port_info["state"] == "open"): LOGGER.debug("Found open port: " + str(port["number"]) + "/" + open_port_info["tcp_udp"] + " = " + open_port_info["state"]) - match_ports.append(open_port_info["number"] + "/" + + if not allowed: + match_ports.append(open_port_info["number"] + "/" + open_port_info["tcp_udp"]) if (open_port_info["service"] in services and @@ -167,7 +168,9 @@ def _check_results(self, ports, services): LOGGER.debug("Found service " + open_port_info["service"] + " on port " + str(open_port) + "/" + open_port_info["tcp_udp"]) - match_ports.append(open_port_info["number"] + "/" + + + if not allowed: + match_ports.append(open_port_info["number"] + "/" + open_port_info["tcp_udp"]) return match_ports From 652cfb514d5708e5569925557aa639ebe844adee Mon Sep 17 00:00:00 2001 From: jhughesbiot Date: Wed, 20 Sep 2023 14:52:58 -0600 Subject: [PATCH 3/3] Remove device certs copy during tls build --- modules/test/tls/tls.Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/test/tls/tls.Dockerfile b/modules/test/tls/tls.Dockerfile index 92fa6028c..cedf9531b 100644 --- a/modules/test/tls/tls.Dockerfile +++ b/modules/test/tls/tls.Dockerfile @@ -40,9 +40,5 @@ RUN pip3 install -r /testrun/python/requirements.txt # Create a directory inside the container to store the root certificates RUN mkdir -p /testrun/root_certs -# Copy over all the local certificates for device signature -# checks if the folder exists -COPY $CERTS_DIR /testrun/root_certs -