Test tests

.github/workflows/testing.yml

@@ -7,6 +7,25 @@ on:
     - cron: '0 13 * * *'
 
 jobs:
+  testrun_tests:
+    permissions: {}
+    name:  Tests
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Install dependencies
+        shell: bash {0}
+        run: cmd/prepare
+      - name: Install Testrun
+        shell: bash {0}
+        run: TESTRUN_DIR=. cmd/install
+        timeout-minutes: 30
+      - name: Run tests
+        shell: bash {0}
+        run: testing/tests/test_tests
+
   testrun_baseline:
     permissions: {}
     name:  Baseline

testing/device_configs/tester1/device_config.json

@@ -1,28 +1,53 @@
-{
+{ 
+  "mac_addr": "02:42:aa:00:00:01",
   "manufacturer": "Google",
   "model": "Tester 1",
-  "mac_addr": "02:42:aa:00:00:01",
-  "test_modules": {
-    "dns": {
-      "enabled": true
+  "type": "IoT Gateway",
+  "technology": "Hardware - Access Control",
+  "additional_info": [
+    {
+      "question": "What type of device is this?",
+      "answer": "IoT Gateway"
     },
-    "connection": {
-      "enabled": false
+    {
+      "question": "Please select the technology this device falls into",
+      "answer": "Hardware - Access Control"
     },
-    "ntp": {
-      "enabled": true
+    {
+      "question": "Does your device process any sensitive information?",
+      "answer": "Yes"
     },
-    "baseline": {
-      "enabled": true
+    {
+      "question": "Can all non-essential services be disabled on your device?",
+      "answer": "Yes"
     },
-    "nmap": {
-      "enabled": true
+    {
+      "question": "Is there a second IP port on the device?",
+      "answer": "Yes"
     },
+    {
+      "question": "Can the second IP port on your device be disabled?",
+      "answer": "Yes"
+    }
+  ],
+  "test_modules": {
     "protocol": {
       "enabled": false
     },
+    "services": {
+      "enabled": true
+    },
+    "ntp": {
+      "enabled": false
+    },
     "tls": {
       "enabled": false
+    },
+    "connection": {
+      "enabled": false
+    },
+    "dns": {
+      "enabled": true
     }
   } 
 }

testing/device_configs/tester2/device_config.json

@@ -1,28 +1,53 @@
 {
+  "mac_addr": "02:42:aa:00:00:02",
   "manufacturer": "Google",
   "model": "Tester 2",
-  "mac_addr": "02:42:aa:00:00:02",
-  "test_modules": {
-    "dns": {
-      "enabled": true
+  "type": "IoT Gateway",
+  "technology": "Hardware - Access Control",
+  "additional_info": [
+    {
+      "question": "What type of device is this?",
+      "answer": "IoT Gateway"
     },
-    "connection": {
-      "enabled": true
+    {
+      "question": "Please select the technology this device falls into",
+      "answer": "Hardware - Access Control"
     },
-    "ntp": {
-      "enabled": false
+    {
+      "question": "Does your device process any sensitive information?",
+      "answer": "Yes"
     },
-    "baseline": {
-      "enabled": true
+    {
+      "question": "Can all non-essential services be disabled on your device?",
+      "answer": "Yes"
     },
-    "nmap": {
-      "enabled": true
+    {
+      "question": "Is there a second IP port on the device?",
+      "answer": "Yes"
     },
+    {
+      "question": "Can the second IP port on your device be disabled?",
+      "answer": "Yes"
+    }
+  ],
+  "test_modules": {
     "protocol": {
       "enabled": false
     },
+    "services": {
+      "enabled": true
+    },
+    "ntp": {
+      "enabled": false
+    },
     "tls": {
       "enabled": false
-    }
+    },
+    "connection": {
+      "enabled": false
+    },
+    "dns": {
+      "enabled": true
+    }  
   }
 }

testing/docker/ci_test_device1/compliant/Dockerfile

@@ -0,0 +1,19 @@
+
+FROM ubuntu@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Update the package list and upgrade the installed packages to their latest versions
+RUN apt-get update && apt-get -y upgrade
+
+# Install the necessary packages
+RUN apt-get update && apt-get install -y isc-dhcp-client dnsutils netcat-openbsd arping
+
+# Clean up the package lists to reduce the image size
+RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

testing/docker/ci_test_device1/compliant/entrypoint.sh

@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+# Display network interfaces
+ip a
+
+# Set paths and servers
+NTP_SERVER=10.10.10.5
+DNS_SERVER=8.8.8.8
+INTF=eth0
+
+# DHCP
+ip addr flush dev $INTF
+PID_FILE=/var/run/dhclient.pid
+if [ -f $PID_FILE ]; then
+    kill -9 $(cat $PID_FILE) || true
+    rm -f $PID_FILE
+fi
+dhclient -v $INTF
+DHCP_TPID=$!
+echo $DHCP_TPID
+
+# SERVICES MODULE
+
+# No FTP, SSH, Telnet, SMTP, HTTP, POP, IMAP services
+echo "FTP, SSH, Telnet, SMTP, HTTP, POP, IMAP, SNMP, VNC, TFTP, NTP services not running"
+
+# DNS MODULE
+
+# Test DNS resolution
+echo "Sending DNS request to $DNS_SERVER"
+dig @$DNS_SERVER +short www.google.com
+
+# Keep network monitoring (can refactor later for other network modules)
+(while true; do arping 10.10.10.1; sleep 10; done) &
+(while true; do ip a | cat; sleep 10; done) &
+
+# Keep the script running
+tail -f /dev/null
+

testing/docker/ci_test_device1/non_compliant/Dockerfile

@@ -0,0 +1,19 @@
+
+FROM ubuntu@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Update the package list and upgrade the installed packages to their latest versions
+RUN apt-get update && apt-get -y upgrade
+
+# Install the necessary packages
+RUN apt-get update && apt-get install -y isc-dhcp-client ntp coreutils dnsutils netcat-openbsd arping
+
+# Clean up the package lists to reduce the image size
+RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

testing/docker/ci_test_device1/non_compliant/entrypoint.sh

@@ -0,0 +1,79 @@
+#!/bin/bash -x
+
+# Display network interfaces
+ip a
+
+# Set paths and servers
+NTP_SERVER=10.10.10.5
+DNS_SERVER="nonexistent.dns.server"
+INTF=eth0
+
+# Check if the interface is up
+ip link show $INTF | grep "state UP" || echo "Warning: $INTF is not up"
+
+# DHCP setup
+ip addr flush dev $INTF
+PID_FILE=/var/run/dhclient.pid
+if [ -f $PID_FILE ]; then
+    kill -9 $(cat $PID_FILE) || true
+    rm -f $PID_FILE
+fi
+dhclient -v $INTF
+DHCP_TPID=$!
+echo $DHCP_TPID
+
+# SERVICES MODULE
+
+# Start FTP service 
+echo "Starting FTP on ports 20, 21"
+nc -nvlt -p 20 &
+nc -nvlt -p 21 &
+
+# Start Telnet service 
+echo "Starting Telnet on port 23"
+nc -nvlt -p 23 &
+
+# Start SMTP service
+echo "Starting SMTP on ports 25, 465, and 587"
+nc -nvlt -p 25 &
+nc -nvlt -p 465 &
+nc -nvlt -p 587 &
+
+# Start HTTP service 
+echo "Starting HTTP on port 80 "
+nc -nvlt -p 80 &
+
+# Start POP service 
+echo "Starting POP on ports 109 and 110 "
+nc -nvlt -p 109 &
+nc -nvlt -p 110 &
+
+# Start IMAP service 
+echo "Starting IMAP on port 143 "
+nc -nvlt -p 143 &
+
+# Start SNMPv2 service 
+echo "Starting SNMPv2 on ports 161/162 "
+(while true; do echo -ne " \x02\x01\ " | nc -u -l -w 1 161; done) &
+
+# Start TFTP service 
+echo "Starting TFTP on port 69 "
+(while true; do echo -ne "\0\x05\0\0\x07\0" | nc -u -l -w 1 69; done) &
+
+# Start NTP service 
+echo "Starting NTP service"
+service ntp start
+
+# DNS MODULE
+
+# Test DNS resolution
+echo "Sending DNS request to $DNS_SERVER"
+dig @$DNS_SERVER +short www.google.com || echo "DNS resolution failed"
+
+# Keep network monitoring
+(while true; do arping 10.10.10.1; sleep 10; done) &
+(while true; do ip a | cat; sleep 10; done) &
+
+# Keep the script running
+tail -f /dev/null
+