Added risk profile api testing

framework/python/src/core/testrun.py

@@ -506,7 +506,7 @@ def _stop_ui(self):
       if container is not None:
         container.kill()
     except docker.errors.NotFound:
-      return
+      pass
 
 
   def start_ws(self):
@@ -542,4 +542,4 @@ def _stop_ws(self):
       if container is not None:
         container.kill()
     except docker.errors.NotFound:
-      return
+      pass

framework/python/src/net_orc/ip_control.py

@@ -258,4 +258,4 @@ def get_sys_interfaces() -> t.Dict[str, t.Dict[str, str]]:
 
       ifaces[key] = nic[0].address
 
-    return ifaces
+    return ifaces

modules/test/base/python/src/test_module.py

@@ -48,9 +48,9 @@ def __init__(self,
 
   def _add_logger(self, log_name, module_name, log_dir=None):
     global LOGGER
-    LOGGER = logger.get_logger(name=log_name,
+    LOGGER = logger.get_logger(name=log_name, # pylint: disable=E1123
                                log_file=module_name,
-                               log_dir=log_dir) # pylint: disable=E1123
+                               log_dir=log_dir)
 
   def generate_module_report(self):
     pass
@@ -187,7 +187,7 @@ def _write_results(self, results):
   def _get_device_ipv4(self):
     command = f"""/testrun/bin/get_ipv4_addr {self._ipv4_subnet}
     {self._device_mac.upper()}"""
-    text = util.run_command(command)[0]
+    text = util.run_command(command)[0] # pylint: disable=E1120
     if text:
       return text.split('\n')[0]
     return None

modules/test/conn/python/src/connection_module.py

@@ -432,7 +432,7 @@ def _ping(self, host, ipv6=False):
     cmd += ' -6 ' if ipv6 else ''
     cmd += str(host)
     #cmd = 'ping -c 1 ' + str(host)
-    success = util.run_command(cmd, output=False)
+    success = util.run_command(cmd, output=False) # pylint: disable=E1120
     return success
 
   def restore_failover_dhcp_server(self, subnet):

modules/test/conn/python/src/dhcp_util.py

@@ -207,7 +207,7 @@ def is_lease_active(self, lease):
 
   def ping(self, host):
     cmd = 'ping -c 1 ' + str(host)
-    success = util.run_command(cmd, output=False)
+    success = util.run_command(cmd, output=False) # pylint: disable=E1120
     return success
 
   def add_reserved_lease(self,

modules/test/ntp/python/src/ntp_module.py

@@ -171,6 +171,10 @@ def extract_ntp_data(self):
         # Local NTP server syncs to external servers so we need to filter only
         # for traffic to/from the device
         if self._device_mac in (source_mac, destination_mac):
+
+          source_ip = None
+          dest_ip = None
+
           if IP in packet:
             source_ip = packet[IP].src
             dest_ip = packet[IP].dst
@@ -218,6 +222,9 @@ def _ntp_network_ntp_support(self):
     for packet in packet_capture:
 
       if NTP in packet and packet.src == self._device_mac:
+
+        dest_ip = None
+
         if IP in packet:
           dest_ip = packet[IP].dst
         elif IPv6 in packet:
@@ -229,16 +236,17 @@ def _ntp_network_ntp_support(self):
           device_sends_ntp3 = True
           LOGGER.info(f'Device sent NTPv3 request to {dest_ip}')
 
-    if not (device_sends_ntp3 or device_sends_ntp4):
-      result = False, 'Device has not sent any NTP requests'
-    elif device_sends_ntp3 and device_sends_ntp4:
+    result = False, 'Device has not sent any NTP requests'
+
+    if device_sends_ntp3 and device_sends_ntp4:
       result = False, ('Device sent NTPv3 and NTPv4 packets. ' +
                        'NTPv3 is not allowed')
     elif device_sends_ntp3:
       result = False, ('Device sent NTPv3 packets. '
                        'NTPv3 is not allowed')
     elif device_sends_ntp4:
       result = True, 'Device sent NTPv4 packets'
+
     LOGGER.info(result[1])
     return result
 
@@ -255,6 +263,7 @@ def _ntp_network_ntp_dhcp(self):
     for packet in packet_capture:
       if NTP in packet and packet.src == self._device_mac:
         device_sends_ntp = True
+        dest_ip = None
         if IP in packet:
           dest_ip = packet[IP].dst
         elif IPv6 in packet:
@@ -266,6 +275,8 @@ def _ntp_network_ntp_dhcp(self):
           LOGGER.info('Device sent NTP request to non-DHCP provided NTP server')
           ntp_to_remote = True
 
+    result = 'Feature Not Detected', 'Device has not sent any NTP requests'
+
     if device_sends_ntp:
       if ntp_to_local and ntp_to_remote:
         result = False, ('Device sent NTP request to DHCP provided ' +
@@ -275,8 +286,6 @@ def _ntp_network_ntp_dhcp(self):
           'Device sent NTP request to non-DHCP provided server')
       elif ntp_to_local:
         result = True, 'Device sent NTP request to DHCP provided server'
-    else:
-      result = 'Feature Not Detected', 'Device has not sent any NTP requests'
 
     LOGGER.info(result[1])
     return result

modules/test/services/python/src/services_module.py

@@ -200,7 +200,7 @@ def _process_port_results(self):
   def _scan_tcp_ports(self):
     max_port = 1000
     LOGGER.info('Running nmap TCP port scan')
-    nmap_results = util.run_command(
+    nmap_results = util.run_command( # pylint: disable=E1120
         f'''nmap --open -sT -sV -Pn -v -p 1-{max_port}
       --version-intensity 7 -T4 -oX - {self._ipv4_addr}''')[0]
 
@@ -228,7 +228,7 @@ def _scan_udp_ports(self):
       port_list = ','.join(ports)
       LOGGER.info('Running nmap UDP port scan')
       LOGGER.debug('UDP ports: ' + str(port_list))
-      nmap_results = util.run_command(
+      nmap_results = util.run_command( # pylint: disable=E1120
           f'nmap -sU -sV -p {port_list} -oX - {self._ipv4_addr}')[0]
       LOGGER.info('UDP port scan complete')
       nmap_results_json = self._nmap_results_to_json(nmap_results)

modules/test/tls/python/src/tls_util.py

@@ -372,6 +372,8 @@ def validate_tls_server(self, host, tls_version):
       public_key = self.get_public_key(public_cert)
       if public_key:
         key_valid = self.verify_public_key(public_key)
+      else:
+        key_valid = [0]
 
       sig_valid = self.validate_signature(host)
 

testing/api/profiles/new_profile.json

@@ -0,0 +1,145 @@
+{
+    "name": "New Profile",
+    "status": "Draft",
+    "created": "2024-05-23 12:38:26",
+    "version": "v1.3",
+    "questions": [
+        {
+            "question": "What type of device is this?",
+            "type": "select",
+            "options": [
+                "IoT Sensor",
+                "IoT Controller",
+                "Smart Device",
+                "Something else"
+            ],
+            "answer": "IoT Sensor",
+            "validation": {
+                "required": true
+            }
+        },
+        {
+            "question": "How will this device be used at Google?",
+            "type": "text-long",
+            "answer": "Installed in a building",
+            "validation": {
+                "max": "128",
+                "required": true
+            }
+        },
+        {
+            "question": "What is the email of the device owner(s)?",
+            "type": "email-multiple",
+            "answer": "[email protected], [email protected]",
+            "validation": {
+                "required": true,
+                "max": "128"
+            }
+        },
+        {
+            "question": "Is this device going to be managed by Google or a third party?",
+            "type": "select",
+            "options": [
+                "Google",
+                "Third Party"
+            ],
+            "answer": "Google",
+            "validation": {
+                "required": true
+            }
+        },
+        {
+            "question": "Will the third-party device administrator be able to grant access to authorized Google personnel upon request?",
+            "type": "select",
+            "options": [
+                "Yes",
+                "No",
+                "N/A"
+            ],
+            "default": "N/A",
+            "answer": "Yes",
+            "validation": {
+                "required": true
+            }
+        },
+        {
+            "question": "Are any of the following statements true about your device?",
+            "description": "This tells us about the data your device will collect",
+            "type": "select-multiple",
+            "answer": [
+                0,
+                2
+            ],
+            "options": [
+                "The device collects any Personal Identifiable Information (PII) or Personal Health Information (PHI)",
+                "The device collects intellectual property and trade secrets, sensitive business data, critical infrastructure data, identity assets",
+                "The device stream confidential business data in real-time (seconds)?"
+            ]
+        },
+        {
+            "question": "Which of the following statements are true about this device?",
+            "description": "This tells us about the types of data that are transmitted from this device and how the transmission is performed from a technical standpoint.",
+            "type": "select-multiple",
+            "answer": [
+                0,
+                1,
+                5
+            ],
+            "options": [
+                "PII/PHI, confidential business data, or crown jewel data is transmitted to a destination outside Alphabet's ownership",
+                "Data transmission occurs across less-trusted networks (e.g. the internet).",
+                "A failure in data transmission would likely have a substantial negative impact (https://www.rra.rocks/docs/standard_levels#levels-definitions)",
+                "A confidentiality breach during transmission would have a substantial negative impact",
+                "The device encrypts data during transmission",
+                "The device network protocol is well-established and currently used by Google"
+            ]
+        },
+        {
+            "question": "Does the network protocol assure server-to-client identity verification?",
+            "type": "select",
+            "answer": "Yes",
+            "options": [
+                "Yes",
+                "No",
+                "I don't know"
+            ],
+            "validation": {
+                "required": true
+            }
+        },
+        {
+            "question": "Click the statements that best describe the characteristics of this device.",
+            "description": "This tells us about how this device is managed remotely.",
+            "type": "select-multiple",
+            "answer": [
+                0,
+                1,
+                2
+            ],
+            "options": [
+                "PII/PHI, or confidential business data is accessible from the device without authentication",
+                "Unrecoverable actions (e.g. disk wipe) can be performed remotely",
+                "Authentication is required for remote access",
+                "The management interface is accessible from the public internet",
+                "Static credentials are used for administration"
+            ]
+        },
+        {
+            "question": "Are any of the following statements true about this device?",
+            "description": "This informs us about what other systems and processes this device is a part of.",
+            "type": "select-multiple",
+            "answer": [
+                2,
+                3
+            ],
+            "options": [
+                "The device monitors an environment for active risks to human life.",
+                "The device is used to convey people, or critical property.",
+                "The device controls robotics in human-accessible spaces.",
+                "The device controls physical access systems.",
+                "The device is involved in processes required by regulations, or compliance. (ex. privacy, security, safety regulations)",
+                "The device's failure would cause faults in other high-criticality processes."
+            ]
+        }
+    ]
+}