Due to unable to perform hostname to ip lookups in testssl.sh, "--ip"…
… option is used to overcome this issue while doing the BCP-003-01 tests
lo-simon committed Oct 3, 2023
1 parent de8facb commit e043376
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/build-test.yml
Expand Up @@ -394,8 +394,8 @@ jobs:

if [[ "${{ runner.os }}" == "Windows" ]]; then
if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
# due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 test
printf '\n\ndef new_BCP00301test_01(self, test):\n """TLS Protocols"""\n hostname = self.apis[SECURE_API_KEY]["hostname"]\n tls_data = self.perform_test_ssl(test, ["-p", "--ip={}".format(socket.gethostbyname(hostname))])\n if tls_data is None:\n return test.DISABLED("Unable to test. See the console for further information.")\n else:\n for report in tls_data:\n if report["id"] in ["SSLv2", "SSLv3", "TLS1", "TLS1_1"] and "not offered" not in report["finding"]:\n return test.FAIL("Protocol {} must not be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_2"] and not report["finding"].startswith("offered"):\n return test.FAIL("Protocol {} must be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_3"] and not report["finding"].startswith("offered"):\n return test.OPTIONAL("Protocol {} should be offered".format(report["id"].replace("_", ".")),\n "https://specs.amwa.tv/bcp-003-01/branches/{}"\n "/docs/Secure_Communication.html#tls-versions"\n .format(self.apis[SECURE_API_KEY]["spec_branch"]))\n return test.PASS()\n\n\nBCP00301Test.test_01 = new_BCP00301test_01\n' >> nmostesting/suites/BCP00301Test.py
# due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 tests
printf '\n\ndef perform_test_ssl_with_ip(self, test, args=None):\n if os.path.exists(TMPFILE):\n os.remove(TMPFILE)\n if args is None:\n args = []\n arg_key = " ".join(args)\n if arg_key in self.report_json:\n return self.report_json[arg_key]\n else:\n try:\n print(args)\n print(arg_key)\n ret = subprocess.run(\n [\n CONFIG.TEST_SSL_BASH,\n "testssl/testssl.sh",\n "--jsonfile",\n TMPFILE,\n "--warnings",\n "off",\n "--openssl-timeout",\n str(CONFIG.HTTP_TIMEOUT),\n "--add-ca",\n CONFIG.CERT_TRUST_ROOT_CA,\n "--ip",\n socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"]),\n ]\n + args\n + [\n "{}:{}".format(\n self.apis[SECURE_API_KEY]["hostname"],\n self.apis[SECURE_API_KEY]["port"],\n )\n ]\n )\n if ret.returncode == 0:\n with open(TMPFILE) as tls_data:\n self.report_json[arg_key] = json.load(tls_data)\n return self.report_json[arg_key]\n except Exception as e:\n raise NMOSTestException(\n test.DISABLED(\n "Unable to execute testssl.sh. Please see the README for "\n "installation instructions: {}".format(e)\n )\n )\n return None\n\n\nBCP00301Test.perform_test_ssl = perform_test_ssl_with_ip\n' >> nmostesting/suites/BCP00301Test.py
fi

# install certificates
Expand Down Expand Up @@ -928,8 +928,8 @@ jobs:

if [[ "${{ runner.os }}" == "Windows" ]]; then
if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
# due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 test
printf '\n\ndef new_BCP00301test_01(self, test):\n """TLS Protocols"""\n hostname = self.apis[SECURE_API_KEY]["hostname"]\n tls_data = self.perform_test_ssl(test, ["-p", "--ip={}".format(socket.gethostbyname(hostname))])\n if tls_data is None:\n return test.DISABLED("Unable to test. See the console for further information.")\n else:\n for report in tls_data:\n if report["id"] in ["SSLv2", "SSLv3", "TLS1", "TLS1_1"] and "not offered" not in report["finding"]:\n return test.FAIL("Protocol {} must not be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_2"] and not report["finding"].startswith("offered"):\n return test.FAIL("Protocol {} must be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_3"] and not report["finding"].startswith("offered"):\n return test.OPTIONAL("Protocol {} should be offered".format(report["id"].replace("_", ".")),\n "https://specs.amwa.tv/bcp-003-01/branches/{}"\n "/docs/Secure_Communication.html#tls-versions"\n .format(self.apis[SECURE_API_KEY]["spec_branch"]))\n return test.PASS()\n\n\nBCP00301Test.test_01 = new_BCP00301test_01\n' >> nmostesting/suites/BCP00301Test.py
# due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 tests
printf '\n\ndef perform_test_ssl_with_ip(self, test, args=None):\n if os.path.exists(TMPFILE):\n os.remove(TMPFILE)\n if args is None:\n args = []\n arg_key = " ".join(args)\n if arg_key in self.report_json:\n return self.report_json[arg_key]\n else:\n try:\n print(args)\n print(arg_key)\n ret = subprocess.run(\n [\n CONFIG.TEST_SSL_BASH,\n "testssl/testssl.sh",\n "--jsonfile",\n TMPFILE,\n "--warnings",\n "off",\n "--openssl-timeout",\n str(CONFIG.HTTP_TIMEOUT),\n "--add-ca",\n CONFIG.CERT_TRUST_ROOT_CA,\n "--ip",\n socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"]),\n ]\n + args\n + [\n "{}:{}".format(\n self.apis[SECURE_API_KEY]["hostname"],\n self.apis[SECURE_API_KEY]["port"],\n )\n ]\n )\n if ret.returncode == 0:\n with open(TMPFILE) as tls_data:\n self.report_json[arg_key] = json.load(tls_data)\n return self.report_json[arg_key]\n except Exception as e:\n raise NMOSTestException(\n test.DISABLED(\n "Unable to execute testssl.sh. Please see the README for "\n "installation instructions: {}".format(e)\n )\n )\n return None\n\n\nBCP00301Test.perform_test_ssl = perform_test_ssl_with_ip\n' >> nmostesting/suites/BCP00301Test.py
fi

# install certificates
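Review bot: In the appended `perform_test_ssl_with_ip`, `socket.gethostbyname(...)` is evaluated inside the `try`, so a failed lookup is caught by `except Exception` and surfaces as "Unable to execute testssl.sh. Please see the README for installation instructions", which names the wrong cause. Name resolution is the very thing this workaround is for, so resolve before the `try` and report it on its own: `ip = socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"])` under `except socket.gaierror as e:` raising `NMOSTestException(test.DISABLED("Unable to resolve hostname: {}".format(e)))`, then pass `ip` after `"--ip"`. `gethostbyname` returns a single IPv4 address only, which is worth a comment next to the call. The same text is repeated in the second hunk of this file and in .github/workflows/src/amwa-test.yml.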
4 changes: 2 additions & 2 deletions .github/workflows/src/amwa-test.yml
Expand Up @@ -69,8 +69,8 @@

if [[ "${{ runner.os }}" == "Windows" ]]; then
if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
# due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 test
printf '\n\ndef new_BCP00301test_01(self, test):\n """TLS Protocols"""\n hostname = self.apis[SECURE_API_KEY]["hostname"]\n tls_data = self.perform_test_ssl(test, ["-p", "--ip={}".format(socket.gethostbyname(hostname))])\n if tls_data is None:\n return test.DISABLED("Unable to test. See the console for further information.")\n else:\n for report in tls_data:\n if report["id"] in ["SSLv2", "SSLv3", "TLS1", "TLS1_1"] and "not offered" not in report["finding"]:\n return test.FAIL("Protocol {} must not be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_2"] and not report["finding"].startswith("offered"):\n return test.FAIL("Protocol {} must be offered".format(report["id"].replace("_", ".")))\n elif report["id"] in ["TLS1_3"] and not report["finding"].startswith("offered"):\n return test.OPTIONAL("Protocol {} should be offered".format(report["id"].replace("_", ".")),\n "https://specs.amwa.tv/bcp-003-01/branches/{}"\n "/docs/Secure_Communication.html#tls-versions"\n .format(self.apis[SECURE_API_KEY]["spec_branch"]))\n return test.PASS()\n\n\nBCP00301Test.test_01 = new_BCP00301test_01\n' >> nmostesting/suites/BCP00301Test.py
# due to unable to perform hostname to ip lookups, "--ip" option is used to overcome this issue while doing the BCP-003-01 tests
printf '\n\ndef perform_test_ssl_with_ip(self, test, args=None):\n if os.path.exists(TMPFILE):\n os.remove(TMPFILE)\n if args is None:\n args = []\n arg_key = " ".join(args)\n if arg_key in self.report_json:\n return self.report_json[arg_key]\n else:\n try:\n print(args)\n print(arg_key)\n ret = subprocess.run(\n [\n CONFIG.TEST_SSL_BASH,\n "testssl/testssl.sh",\n "--jsonfile",\n TMPFILE,\n "--warnings",\n "off",\n "--openssl-timeout",\n str(CONFIG.HTTP_TIMEOUT),\n "--add-ca",\n CONFIG.CERT_TRUST_ROOT_CA,\n "--ip",\n socket.gethostbyname(self.apis[SECURE_API_KEY]["hostname"]),\n ]\n + args\n + [\n "{}:{}".format(\n self.apis[SECURE_API_KEY]["hostname"],\n self.apis[SECURE_API_KEY]["port"],\n )\n ]\n )\n if ret.returncode == 0:\n with open(TMPFILE) as tls_data:\n self.report_json[arg_key] = json.load(tls_data)\n return self.report_json[arg_key]\n except Exception as e:\n raise NMOSTestException(\n test.DISABLED(\n "Unable to execute testssl.sh. Please see the README for "\n "installation instructions: {}".format(e)\n )\n )\n return None\n\n\nBCP00301Test.perform_test_ssl = perform_test_ssl_with_ip\n' >> nmostesting/suites/BCP00301Test.py
fi

# install certificates
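Review bot: When testssl.sh exits non-zero, the appended `perform_test_ssl_with_ip` falls through to `return None` without recording the exit status, while the two unconditional `print(args)` / `print(arg_key)` lines look like leftover debugging. The CI log then shows the argument list on every call but nothing about why a TLS check produced no data, and a run with no TLS results is easy to mistake for a clean one. Consider dropping the two prints and adding `else: print(" * testssl.sh exited with code {}".format(ret.returncode))` after the `if ret.returncode == 0:` block. build-test.yml carries the same text twice and appears to be derived from this file, so the change belongs here.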
