Add required if applicable

framework/python/src/test_orc/test_orchestrator.py

@@ -183,9 +183,14 @@ def _generate_report(self):
   def _calculate_result(self):
     result = "Compliant"
     for test_result in self._session.get_test_results():
+      # Check Required tests
       if (test_result.required_result.lower() == "required"
           and test_result.result.lower() != "compliant"):
         result = "Non-Compliant"
+      # Check Required if Applicable tests
+      elif (test_result.required_result.lower() == "required if applicable"
+            and test_result.result.lower() == "non-compliant"):
+        result = "Non-Compliant"
     return result
 
   def _cleanup_old_test_results(self, device):

modules/test/services/conf/module_config.json

@@ -62,6 +62,7 @@
           "version": "protocol 2.0"
         },
         "recommendations": [
+          "Disable the SSH server",
           "Upgrade the SSH server to at least protocol 2.0"
         ]
       },
@@ -266,7 +267,8 @@
           ]
         },
         "recommendations": [
-          "Disable the SNMP server"
+          "Disable the SNMP server",
+          "Upgrade to SNMPv3 if it is an essential service"
         ]
       },
       {

modules/test/tls/conf/module_config.json

@@ -16,7 +16,7 @@
         "name": "security.tls.v1_2_server",
         "test_description": "Check the device web server TLS 1.2 & certificate is valid",
         "expected_behavior": "TLS 1.2 certificate is issued to the web browser client when accessed",
-        "required_result": "Required",
+        "required_result": "Required if Applicable",
         "recommendations": [
           "Enable TLS 1.2 support in the web server configuration",
           "Disable TLS 1.0 and 1.1",
@@ -27,7 +27,7 @@
         "name": "security.tls.v1_2_client",
         "test_description": "Device uses TLS with connection to an external service on port 443 (or any other port which could be running the webserver-HTTPS)",
         "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.2 and support for ECDH and ECDSA ciphers",
-        "required_result": "Required",
+        "required_result": "Required if Applicable",
         "recommendations": [
           "Disable connections to unsecure services",
           "Ensure any URLs connected to are secure (https)"

modules/test/tls/python/src/tls_module.py

@@ -11,7 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""Baseline test module"""
+"""TLS test module"""
 from test_module import TestModule
 from tls_util import TLSUtil
 import pyshark
@@ -27,7 +27,7 @@
 LOGGER = None
 
 class TLSModule(TestModule):
-  """An example testing module."""
+  """The TLS testing module."""
 
   def __init__(self,
                module,
@@ -268,7 +268,7 @@ def _security_tls_v1_3_server(self):
       return results[0], description,results[1]
 
     else:
-      LOGGER.error('Could not resolve device IP address. Skipping')
+      LOGGER.error('Could not resolve device IP address')
       return 'Error', 'Could not resolve device IP address'
 
   def _security_tls_v1_2_client(self):
@@ -279,13 +279,17 @@ def _security_tls_v1_2_client(self):
       results = self._validate_tls_client(self._device_ipv4_addr, '1.2')
       # Determine results and return proper messaging and details
       description = ''
+      result = None
       if results[0] is None:
         description = 'No outbound connections were found'
+        result = 'Feature Not Detected'
       elif results[0]:
         description = 'TLS 1.2 client connections valid'
+        result = 'True'
       else:
         description = 'TLS 1.2 client connections invalid'
-      return results[0], description,  results[1]
+        result = 'False'
+      return result, description,  results[1]
     else:
       LOGGER.error('Could not resolve device IP address. Skipping')
       return 'Error', 'Could not resolve device IP address'