diff --git a/framework/python/src/test_orc/test_orchestrator.py b/framework/python/src/test_orc/test_orchestrator.py index 32135254d..64299b5d9 100644 --- a/framework/python/src/test_orc/test_orchestrator.py +++ b/framework/python/src/test_orc/test_orchestrator.py @@ -183,9 +183,14 @@ def _generate_report(self): def _calculate_result(self): result = "Compliant" for test_result in self._session.get_test_results(): + # Check Required tests if (test_result.required_result.lower() == "required" and test_result.result.lower() != "compliant"): result = "Non-Compliant" + # Check Required if Applicable tests + elif (test_result.required_result.lower() == "required if applicable" + and test_result.result.lower() == "non-compliant"): + result = "Non-Compliant" return result def _cleanup_old_test_results(self, device): diff --git a/modules/test/services/conf/module_config.json b/modules/test/services/conf/module_config.json index efd07d74b..5c20b4beb 100644 --- a/modules/test/services/conf/module_config.json +++ b/modules/test/services/conf/module_config.json @@ -62,6 +62,7 @@ "version": "protocol 2.0" }, "recommendations": [ + "Disable the SSH server", "Upgrade the SSH server to at least protocol 2.0" ] }, @@ -266,7 +267,8 @@ ] }, "recommendations": [ - "Disable the SNMP server" + "Disable the SNMP server", + "Upgrade to SNMPv3 if it is an essential service" ] }, { diff --git a/modules/test/tls/conf/module_config.json b/modules/test/tls/conf/module_config.json index 8505476b4..cd77f8299 100644 --- a/modules/test/tls/conf/module_config.json +++ b/modules/test/tls/conf/module_config.json 
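Review bot: In `_calculate_result`, the new `elif` fails a "Required if Applicable" test only when its result is exactly "non-compliant", so every other outcome leaves the overall result "Compliant". That includes the `'Error'` the TLS module in this commit returns when the device IP address cannot be resolved. The same commit moves `security.tls.v1_2_server` and `security.tls.v1_2_client` to "Required if Applicable" in modules/test/tls/conf/module_config.json, so a TLS check that could not run would no longer affect the verdict; how module return values map to the stored result strings is outside this diff and should be confirmed. Consider allow-listing the passing outcomes instead, e.g. `and test_result.result.lower() not in ("compliant", "feature not detected")):`, and adding a docstring that states which results each requirement level tolerates.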
@@ -16,7 +16,7 @@ "name": "security.tls.v1_2_server", "test_description": "Check the device web server TLS 1.2 & certificate is valid", "expected_behavior": "TLS 1.2 certificate is issued to the web browser client when accessed", - "required_result": "Required", + "required_result": "Required if Applicable", "recommendations": [ "Enable TLS 1.2 support in the web server configuration", "Disable TLS 1.0 and 1.1", @@ -27,7 +27,7 @@ "name": "security.tls.v1_2_client", "test_description": "Device uses TLS with connection to an external service on port 443 (or any other port which could be running the webserver-HTTPS)", "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.2 and support for ECDH and ECDSA ciphers", - "required_result": "Required", + "required_result": "Required if Applicable", "recommendations": [ "Disable connections to unsecure services", "Ensure any URLs connected to are secure (https)" diff --git a/modules/test/tls/python/src/tls_module.py b/modules/test/tls/python/src/tls_module.py index 078081f32..4da1f2e1b 100644 --- a/modules/test/tls/python/src/tls_module.py +++ b/modules/test/tls/python/src/tls_module.py @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -"""Baseline test module""" +"""TLS test module""" from test_module import TestModule from tls_util import TLSUtil import pyshark @@ -27,7 +27,7 @@ LOGGER = None class TLSModule(TestModule): - """An example testing module.""" + """The TLS testing module.""" def __init__(self, module, @@ -268,7 +268,7 @@ def _security_tls_v1_3_server(self): return results[0], description,results[1] else: - LOGGER.error('Could not resolve device IP address. Skipping') + LOGGER.error('Could not resolve device IP address') return 'Error', 'Could not resolve device IP address' def _security_tls_v1_2_client(self): 
@@ -279,13 +279,17 @@ def _security_tls_v1_2_client(self):
 results = self._validate_tls_client(self._device_ipv4_addr, '1.2')
 # Determine results and return proper messaging and details
 description = ''
+ result = None
 if results[0] is None:
 description = 'No outbound connections were found'
+ result = 'Feature Not Detected'
 elif results[0]:
 description = 'TLS 1.2 client connections valid'
+ result = 'True'
 else:
 description = 'TLS 1.2 client connections invalid'
- return results[0], description, results[1]
+ result = 'False'
+ return result, description, results[1]
 else:
 LOGGER.error('Could not resolve device IP address. Skipping')
 return 'Error', 'Could not resolve device IP address'
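Review bot: The added assignments `result = 'True'` and `result = 'False'` make `_security_tls_v1_2_client` return strings where it previously returned the boolean `results[0]`, and where `_security_tls_v1_3_server` in the same file still returns `results[0]` directly. A non-empty string such as `'False'` is truthy and is not equal to "Non-Compliant", so an invalid TLS client connection may not be recorded as a failure, depending on how the caller maps the first tuple element (not visible in this diff). With `_calculate_result` now failing "Required if Applicable" tests only on "non-compliant", such a result would also not change the overall verdict. Unless the caller is known to parse these strings, keep the booleans: `result = True` and `result = False`. The method begins above the hunk.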