diff --git a/docs/dev/mockoon.json b/docs/dev/mockoon.json index c67ca350b..cf2e38d3f 100644 --- a/docs/dev/mockoon.json +++ b/docs/dev/mockoon.json @@ -605,7 +605,7 @@ "responses": [ { "uuid": "26c16650-9195-4fce-b76f-f00c9192689b", - "body": "[\n {\n \"testrun\": {\n \"version\": \"2.2.2\"\n },\n \"device\": {{data 'cntg' '0'}},\n \"status\": \"Non-Compliant\",\n \"started\": \"2026-02-02 17:24:52\",\n \"finished\": \"2026-02-02 17:34:58\",\n \"report\": \"/report/f0d4e2f2f541_2026-02-02T17:24:52\",\n \"export\": \"/export/f0d4e2f2f541_2026-02-02T17:24:52\",\n \"folder_name\": \"f0d4e2f2f541_2026-02-02T17:24:52\",\n \"delete\": \"/report/f0d4e2f2f541_2026-02-02T17:24:52\"\n },\n {\n \"testrun\": {\n \"version\": \"2.3.2\"\n },\n \"mac_addr\": null,\n \"device\": {{data 'cntg' '0'}},\n \"status\": \"Complete\",\n \"result\": \"Non-Compliant\",\n \"started\": \"2026-06-01 20:53:11\",\n \"finished\": \"2026-06-01 21:05:07\",\n \"report\": \"/report/f0d4e2f2f541_2026-06-01T20:53:11\",\n \"export\": \"/export/f0d4e2f2f541_2026-06-01T20:53:11\",\n \"folder_name\": \"f0d4e2f2f541_2026-06-01T20:53:11\",\n \"delete\": \"/report/f0d4e2f2f541_2026-06-01T20:53:11\"\n }\n]", + "body": "[\n {\n \"testrun\": {\n \"version\": \"2.2.2\"\n },\n \"device\": {{data 'cntg' '0'}},\n \"status\": \"Non-Compliant\",\n \"started\": \"2026-02-02 17:24:52\",\n \"finished\": \"2026-02-02 17:34:58\",\n \"report\": \"/report/f0d4e2f2f541_2026-02-02T17:24:52\",\n \"export\": \"/export/f0d4e2f2f541_2026-02-02T17:24:52\",\n \"folder_name\": \"f0d4e2f2f541_2026-02-02T17:24:52\",\n \"delete\": \"/report/f0d4e2f2f541_2026-02-02T17:24:52\"\n }\n]", "latency": 0, "statusCode": 200, "label": "", 
@@ -1458,7 +1458,7 @@ }, { "uuid": "9b2c9728-44e8-4000-ba3f-ba849e5b9d71", - "body": "[\n {\n \"name\": \"Primary profile\",\n \"status\": \"Valid\",\n \"created\": \"2024-05-23 12:38:26\",\n \"version\": \"v1.3\",\n \"questions\": [\n [\n {\n \"question\": \"What type of device is this?\",\n \"type\": \"select\",\n \"options\": [\n \"IoT Sensor\",\n \"IoT Controller\",\n \"Smart Device\",\n \"Something else\"\n ],\n \"answer\": \"IoT Sensor\",\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"How will this device be used at Google?\",\n \"type\": \"text-long\",\n \"answer\": \"Installed in a building\",\n \"validation\": {\n \"max\": \"128\",\n \"required\": true\n }\n },\n {\n \"question\": \"What is the email of the device owner(s)?\",\n \"type\": \"email-multiple\",\n \"answer\": \"boddey@google.com, cmeredith@google.com\",\n \"validation\": {\n \"required\": true,\n \"max\": \"128\"\n }\n },\n {\n \"question\": \"Is this device going to be managed by Google or a third party?\",\n \"type\": \"select\",\n \"options\": [\n \"Google\",\n \"Third Party\"\n ],\n \"answer\": \"Google\",\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"Will the third-party device administrator be able to grant access to authorized Google personnel upon request?\",\n \"type\": \"select\",\n \"options\": [\n \"Yes\",\n \"No\",\n \"N/A\"\n ],\n \"default\": \"N/A\",\n \"answer\": \"Yes\",\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"Are any of the following statements true about your device?\",\n \"description\": \"This tells us about the data your device will collect\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 0,\n 2\n ],\n \"options\": [\n \"The device collects any Personal Identifiable Information (PII) or Personal Health Information (PHI)\",\n \"The device collects intellectual property and trade secrets, sensitive business data, critical infrastructure data, identity assets\",\n \"The device stream 
confidential business data in real-time (seconds)?\"\n ]\n },\n {\n \"question\": \"Which of the following statements are true about this device?\",\n \"description\": \"This tells us about the types of data that are transmitted from this device and how the transmission is performed from a technical standpoint.\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 0,\n 1,\n 5\n ],\n \"options\": [\n \"PII/PHI, confidential business data, or crown jewel data is transmitted to a destination outside Alphabet's ownership\",\n \"Data transmission occurs across less-trusted networks (e.g. the internet).\",\n \"A failure in data transmission would likely have a substantial negative impact (https://www.rra.rocks/docs/standard_levels#levels-definitions)\",\n \"A confidentiality breach during transmission would have a substantial negative impact\",\n \"The device encrypts data during transmission\",\n \"The device network protocol is well-established and currently used by Google\"\n ]\n },\n {\n \"question\": \"Does the network protocol assure server-to-client identity verification?\",\n \"type\": \"select\",\n \"answer\": \"Yes\",\n \"options\": [\n \"Yes\",\n \"No\",\n \"I don't know\"\n ],\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"Click the statements that best describe the characteristics of this device.\",\n \"description\": \"This tells us about how this device is managed remotely.\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 0,\n 1,\n 2\n ],\n \"options\": [\n \"PII/PHI, or confidential business data is accessible from the device without authentication\",\n \"Unrecoverable actions (e.g. 
disk wipe) can be performed remotely\",\n \"Authentication is required for remote access\",\n \"The management interface is accessible from the public internet\",\n \"Static credentials are used for administration\"\n ]\n },\n {\n \"question\": \"Are any of the following statements true about this device?\",\n \"description\": \"This informs us about what other systems and processes this device is a part of.\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 2,\n 3\n ],\n \"options\": [\n \"The device monitors an environment for active risks to human life.\",\n \"The device is used to convey people, or critical property.\",\n \"The device controls robotics in human-accessible spaces.\",\n \"The device controls physical access systems.\",\n \"The device is involved in processes required by regulations, or compliance. (ex. privacy, security, safety regulations)\",\n \"The device's failure would cause faults in other high-criticality processes.\"\n ]\n }\n ]\n ]\n },\n {\n \"name\": \"Draft profile old version\",\n \"version\": \"2.4.0-beta.2\",\n \"created\": \"2026-05-28T06:47:56.958894\",\n \"status\": \"Draft\",\n \"risk\": null,\n \"questions\": [\n {\n \"question\": \"How will this device be used at Google?\",\n \"answer\": \"test\"\n },\n {\n \"question\": \"Is this device going to be managed by Google or a third party?\",\n \"answer\": \"Google\",\n \"risk\": \"Limited\"\n },\n {\n \"question\": \"Will the third-party device administrator be able to grant access to authorized Google personnel upon request?\",\n \"default\": \"N/A\",\n \"answer\": \"N/A\",\n \"risk\": \"Limited\"\n },\n {\n \"question\": \"Which of the following statements are true about this device?\",\n \"answer\": [\n 0\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Does the network protocol assure server-to-client identity verification?\",\n \"answer\": \"No\",\n \"risk\": \"High\"\n },\n {\n \"question\": \"Click the statements that best describe the characteristics of this 
device.\",\n \"answer\": [\n 0\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Are any of the following statements true about this device?\",\n \"answer\": [\n 0\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Comments\",\n \"answer\": \"\"\n }\n ]\n },\n {\n \"name\": \"Expired profile\",\n \"version\": \"2.3.0-beta.2\",\n \"created\": \"2024-05-28T06:47:56.958894\",\n \"status\": \"Expired\",\n \"risk\": null,\n \"questions\": [\n {\n \"question\": \"How will this device be used at Google?\",\n \"answer\": \"Expired\"\n },\n {\n \"question\": \"Is this device going to be managed by Google or a third party?\",\n \"answer\": \"Third Party\",\n \"risk\": \"Limited\"\n },\n {\n \"question\": \"Will the third-party device administrator be able to grant access to authorized Google personnel upon request?\",\n \"default\": \"N/A\",\n \"answer\": \"N/A\",\n \"risk\": \"Limited\"\n },\n {\n \"question\": \"Which of the following statements are true about this device?\",\n \"answer\": [\n 1\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Does the network protocol assure server-to-client identity verification?\",\n \"answer\": \"No\",\n \"risk\": \"High\"\n },\n {\n \"question\": \"Click the statements that best describe the characteristics of this device.\",\n \"answer\": [\n 1\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Are any of the following statements true about this device?\",\n \"answer\": [\n 1\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Comments\",\n \"answer\": \"Expired\"\n }\n ]\n }\n]", + "body": "[\n {\n \"name\": \"Primary profile\",\n \"status\": \"Valid\",\n \"created\": \"2024-05-23 12:38:26\",\n \"version\": \"v1.3\",\n \"questions\": [\n [\n {\n \"question\": \"What type of device is this?\",\n \"type\": \"select\",\n \"options\": [\n \"IoT Sensor\",\n \"IoT Controller\",\n \"Smart Device\",\n \"Something else\"\n ],\n \"answer\": \"IoT Sensor\",\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"How 
will this device be used at Google?\",\n \"type\": \"text-long\",\n \"answer\": \"Installed in a building\",\n \"validation\": {\n \"max\": \"128\",\n \"required\": true\n }\n },\n {\n \"question\": \"What is the email of the device owner(s)?\",\n \"type\": \"email-multiple\",\n \"answer\": \"boddey@google.com, cmeredith@google.com\",\n \"validation\": {\n \"required\": true,\n \"max\": \"128\"\n }\n },\n {\n \"question\": \"Is this device going to be managed by Google or a third party?\",\n \"type\": \"select\",\n \"options\": [\n \"Google\",\n \"Third Party\"\n ],\n \"answer\": \"Google\",\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"Will the third-party device administrator be able to grant access to authorized Google personnel upon request?\",\n \"type\": \"select\",\n \"options\": [\n \"Yes\",\n \"No\",\n \"N/A\"\n ],\n \"default\": \"N/A\",\n \"answer\": \"Yes\",\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"Are any of the following statements true about your device?\",\n \"description\": \"This tells us about the data your device will collect\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 0,\n 2\n ],\n \"options\": [\n \"The device collects any Personal Identifiable Information (PII) or Personal Health Information (PHI)\",\n \"The device collects intellectual property and trade secrets, sensitive business data, critical infrastructure data, identity assets\",\n \"The device stream confidential business data in real-time (seconds)?\"\n ]\n },\n {\n \"question\": \"Which of the following statements are true about this device?\",\n \"description\": \"This tells us about the types of data that are transmitted from this device and how the transmission is performed from a technical standpoint.\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 0,\n 1,\n 5\n ],\n \"options\": [\n \"PII/PHI, confidential business data, or crown jewel data is transmitted to a destination outside Alphabet's ownership\",\n 
\"Data transmission occurs across less-trusted networks (e.g. the internet).\",\n \"A failure in data transmission would likely have a substantial negative impact (https://www.rra.rocks/docs/standard_levels#levels-definitions)\",\n \"A confidentiality breach during transmission would have a substantial negative impact\",\n \"The device encrypts data during transmission\",\n \"The device network protocol is well-established and currently used by Google\"\n ]\n },\n {\n \"question\": \"Does the network protocol assure server-to-client identity verification?\",\n \"type\": \"select\",\n \"answer\": \"Yes\",\n \"options\": [\n \"Yes\",\n \"No\",\n \"I don't know\"\n ],\n \"validation\": {\n \"required\": true\n }\n },\n {\n \"question\": \"Click the statements that best describe the characteristics of this device.\",\n \"description\": \"This tells us about how this device is managed remotely.\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 0,\n 1,\n 2\n ],\n \"options\": [\n \"PII/PHI, or confidential business data is accessible from the device without authentication\",\n \"Unrecoverable actions (e.g. disk wipe) can be performed remotely\",\n \"Authentication is required for remote access\",\n \"The management interface is accessible from the public internet\",\n \"Static credentials are used for administration\"\n ]\n },\n {\n \"question\": \"Are any of the following statements true about this device?\",\n \"description\": \"This informs us about what other systems and processes this device is a part of.\",\n \"type\": \"select-multiple\",\n \"answer\": [\n 2,\n 3\n ],\n \"options\": [\n \"The device monitors an environment for active risks to human life.\",\n \"The device is used to convey people, or critical property.\",\n \"The device controls robotics in human-accessible spaces.\",\n \"The device controls physical access systems.\",\n \"The device is involved in processes required by regulations, or compliance. (ex. 
privacy, security, safety regulations)\",\n \"The device's failure would cause faults in other high-criticality processes.\"\n ]\n }\n ]\n ]\n },\n {\n \"name\": \"Draft profile old version\",\n \"version\": \"2.4.0-beta.2\",\n \"created\": \"2026-05-28T06:47:56.958894\",\n \"status\": \"Draft\",\n \"risk\": null,\n \"questions\": [\n {\n \"question\": \"How will this device be used at Google?\",\n \"answer\": \"test\"\n },\n {\n \"question\": \"Is this device going to be managed by Google or a third party?\",\n \"answer\": \"Google\",\n \"risk\": \"Limited\"\n },\n {\n \"question\": \"Will the third-party device administrator be able to grant access to authorized Google personnel upon request?\",\n \"default\": \"N/A\",\n \"answer\": \"N/A\",\n \"risk\": \"Limited\"\n },\n {\n \"question\": \"Which of the following statements are true about this device?\",\n \"answer\": [\n 0\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Does the network protocol assure server-to-client identity verification?\",\n \"answer\": \"No\",\n \"risk\": \"High\"\n },\n {\n \"question\": \"Click the statements that best describe the characteristics of this device.\",\n \"answer\": [\n 0\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Are any of the following statements true about this device?\",\n \"answer\": [\n 0\n ],\n \"risk\": \"High\"\n },\n {\n \"question\": \"Comments\",\n \"answer\": \"\"\n }\n ]\n }\n]", "latency": 0, "statusCode": 200, "label": "Several profiles", 
@@ -1669,35 +1669,6 @@ } ], "responseMode": null - }, - { - "uuid": "bd738482-fbfb-4e60-9435-36cc94b1852a", - "type": "http", - "documentation": "", - "method": "delete", - "endpoint": "report/f0d4e2f2f541_2026-02-02T17:24:52", - "responses": [ - { - "uuid": "5c3cd9b8-0a90-4192-8373-835a55487159", - "body": "{}", - "latency": 0, - "statusCode": 200, - "label": "", - "headers": [], - "bodyType": "INLINE", - "filePath": "", - "databucketID": "", - "sendFileAsBody": false, - "rules": [], - "rulesOperator": "OR", - "disableTemplating": false, - "fallbackTo404": false, - "default": true, - "crudKey": "id", - "callbacks": [] - } - ], - "responseMode": null } ], "rootChildren": [ @@ -1800,10 +1771,6 @@ { "type": "route", "uuid": "65398138-9bd5-4701-af27-48cd268c30cb" - }, - { - "type": "route", - "uuid": "bd738482-fbfb-4e60-9435-36cc94b1852a" } ], "proxyMode": false, diff --git a/framework/python/src/core/testrun.py b/framework/python/src/core/testrun.py index c7af703e1..c5dce3adb 100644 --- a/framework/python/src/core/testrun.py +++ b/framework/python/src/core/testrun.py @@ -52,6 +52,7 @@ DEVICE_TEST_PACK_KEY = 'test_pack' DEVICE_ADDITIONAL_INFO_KEY = 'additional_info' DEVICE_REPORT_NAME_FORMAT = '{mac_addr}_{timestamp}' +DEVICE_QUESTIONS_FILE_NAME = 'device_profile.json' MAX_DEVICE_REPORTS_KEY = 'max_device_reports' 
@@ -283,9 +284,37 @@ def _load_devices(self, device_dir): device.additional_info = device_config_json.get( DEVICE_ADDITIONAL_INFO_KEY) - if None in [device.type, device.technology, device.test_pack]: - LOGGER.warning( - 'Device is outdated and requires further configuration') + format_file_path = os.path.join(self.get_root_dir(), + RESOURCE_DEVICES_DIR, + DEVICE_QUESTIONS_FILE_NAME) + with open(format_file_path, 'r', encoding='utf-8') as f: + format_data = json.load(f) + + required_questions = [ + item['question'] for item in format_data + if item.get('validation', {}).get('required') is True + ] + + current_answers = \ + device.additional_info if device.additional_info else [] + answered_questions = \ + [entry.get('question') for entry in current_answers] + + missing_answers = [q for q in required_questions if + q not in answered_questions] + + if (None in [device.type, device.technology, device.test_pack] or + len(missing_answers) > 0): + if missing_answers: + LOGGER.warning( + f'Device : {device}' + ) + LOGGER.warning( + f'Device is missing required additional info: {missing_answers}' + ) + else: + LOGGER.warning( + 'Device is outdated and requires further configuration') device.status = 'Invalid' if not device.get_reports(): diff --git a/make/DEBIAN/control b/make/DEBIAN/control index 712ddae05..ddd07d4da 100644 --- a/make/DEBIAN/control +++ b/make/DEBIAN/control @@ -1,5 +1,5 @@ Package: Testrun -Version: 2.3.4-beta.4 +Version: 2.4.0-beta.3 Architecture: amd64 Maintainer: Google Homepage: https://github.com/google/testrun diff --git a/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.html b/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.html index 8508045aa..becde20cf 100644 --- a/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.html +++ b/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.html @@ -50,6 +50,7 @@
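Review bot: The `open`/`json.load` of `device_profile.json` added here has no error handling, so a missing or malformed format file raises out of `_load_devices` and aborts loading every device, where the replaced branch only logged a warning; and if this sits inside the per-device loop that the `device.` references suggest, the file is re-read once per device and should be loaded once before the loop. `answered_questions` counts a question as answered as soon as an entry with that `question` text exists, so a required question whose `answer` is `''`, `[]` or `null` passes the check, and a non-dict entry in the user-editable `additional_info` list raises AttributeError at `entry.get`. Matching on question text is also fragile — this same commit rewords question texts in `resources/risk_assessment.json` — and the entries it adds to `device_profile.json` carry an `id`, so matching on that would survive rewording if `additional_info` records the id. Because questions 7–10 are all `required`, every device configured before this version will be marked `Invalid` on load until re-answered; presumably intended, but worth stating in the release notes. The rewritten lines below guard the read and the answer check; the `missing_answers` computation and the warnings are unchanged.
```python
# … unchanged: device.additional_info assignment …
format_file_path = os.path.join(self.get_root_dir(),
                                RESOURCE_DEVICES_DIR,
                                DEVICE_QUESTIONS_FILE_NAME)
try:
  with open(format_file_path, 'r', encoding='utf-8') as f:
    format_data = json.load(f)
except (OSError, json.JSONDecodeError) as e:
  # A broken format file must not abort loading every device
  LOGGER.error(f'Could not load {format_file_path}: {e}')
  format_data = []

required_questions = [
    item.get('question') for item in format_data
    if isinstance(item, dict)
    and item.get('validation', {}).get('required') is True
]

current_answers = device.additional_info or []
# Only count an entry as answered when its answer is non-empty
answered_questions = [
    entry.get('question') for entry in current_answers
    if isinstance(entry, dict)
    and entry.get('answer') not in (None, '', [])
]
# … unchanged: missing_answers computation and warnings …
```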

Welcome to Testrun!

> to share you thoughts +
  • Risk Profile was lastly updated in 2026 V2.4.0
  • diff --git a/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.ts b/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.ts index d364effb1..ef6aff1d4 100644 --- a/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.ts +++ b/modules/ui/src/app/components/version/consent-dialog/consent-dialog.component.ts @@ -35,7 +35,6 @@ type DialogData = { @Component({ selector: 'app-consent-dialog', - imports: [ MatDialogModule, MatButtonModule, diff --git a/modules/ui/src/app/components/version/version.component.ts b/modules/ui/src/app/components/version/version.component.ts index 193ac52b6..2d80a46c0 100644 --- a/modules/ui/src/app/components/version/version.component.ts +++ b/modules/ui/src/app/components/version/version.component.ts @@ -45,7 +45,6 @@ export const INSTALLED_VERSION = 'INSTALLED_VERSION'; declare const gtag: Function; @Component({ selector: 'app-version', - imports: [CommonModule, MatButtonModule, MatDialogModule], templateUrl: './version.component.html', styleUrls: ['./version.component.scss'], diff --git a/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.html b/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.html index 168685844..c78ba26da 100644 --- a/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.html +++ b/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.html @@ -13,7 +13,12 @@ See the License for the specific language governing permissions and limitations under the License. --> -
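Review bot: The added bullet `Risk Profile was lastly updated in 2026 V2.4.0` is user-facing copy with non-idiomatic wording: `lastly` should be `last`, and the version is written `V2.4.0` while the Debian control file in this same commit uses `2.4.0-beta.3`. Suggest `Risk Profile was last updated in 2026 (v2.4.0)`. The surrounding markup of this hunk is not recoverable from this rendering, so the exact element to edit is left to the author.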
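Review bot: Dropping the `imports` array from `@Component` here, and the one-line `imports: [CommonModule, MatButtonModule, MatDialogModule]` in version.component.ts, only compiles if neither component is standalone or its template uses none of those modules' directives; since `standalone` defaults to true in recent Angular, confirm the two templates (outside this diff) contain no `mat-button`, `mat-dialog-*` or `*ngIf`/`*ngFor` usage, or that the components are declared in an NgModule that imports them. As rendered here the consent-dialog hunk removes only the `imports: [` opener while `MatDialogModule, MatButtonModule,` remain, which would leave the decorator object malformed — presumably an artefact of how the patch was rendered, but worth checking against the raw diff.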
    +
    { let component: ProfileFormComponent; @@ -291,6 +293,21 @@ describe('ProfileFormComponent', () => { }); }); + describe('with expired profile', () => { + beforeEach(() => { + component.selectedProfile = EXPIRED_PROFILE_MOCK; + fixture.detectChanges(); + }); + + it('should have a form with "outdated" clsss', () => { + const form = fixture.debugElement.query( + By.css('.profile-form-outdated') + ); + + expect(form).toBeTruthy(); + }); + }); + describe('with profile', () => { beforeEach(() => { component.selectedProfile = PROFILE_MOCK; diff --git a/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.ts b/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.ts index aab8c56c0..8dc77a17c 100644 --- a/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.ts +++ b/modules/ui/src/app/pages/risk-assessment/profile-form/profile-form.component.ts @@ -240,12 +240,12 @@ export class ProfileFormComponent implements OnInit, AfterViewInit { return false; } - for (const question of profile1.questions) { + for (const question of profile2.questions) { const answer1 = question.answer; - const answer2 = profile2.questions?.find( + const answer2 = profile1.questions?.find( question2 => question2.question === question.question )?.answer; - if (answer1 !== undefined && answer2 !== undefined) { + if (!this.isEmptyAnswer(answer1) && !this.isEmptyAnswer(answer2)) { if (typeof question.answer === 'string') { if (answer1 !== answer2) { return false; 
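Review bot: The new test name in the `with expired profile` block has a typo, `should have a form with "outdated" clsss`; it should read `it('should have a form with "outdated" class', () => {`. The block also relies on `EXPIRED_PROFILE_MOCK` and `By` being imported further up the spec, outside this hunk — confirm both are present, since `EXPIRED_PROFILE_MOCK` is being removed from the profile-item spec in this same commit.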
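Review bot: After the loop is switched to iterate `profile2.questions`, `answer1` holds profile2's answer and `answer2` the matching profile1 answer, so the names now read backwards from their sources; renaming them (e.g. `current`/`other`) would make the comparisons and the `else if` in the next hunk readable. That `else if (this.isEmptyAnswer(answer2) && !this.isEmptyAnswer(answer1)) return false;` also makes the comparison one-directional: a question answered in profile1 but empty in profile2 falls through both branches and is treated as equal, as does any question present only in profile1, since those are no longer visited at all. If the method is meant to answer "are these two profiles the same" it needs the mirror check `else if (this.isEmptyAnswer(answer1) && !this.isEmptyAnswer(answer2)) return false;`; if the asymmetry is intended (e.g. only detecting newly filled answers in the form), a one-line comment on the method saying so would stop the next reader "fixing" it. The method's signature and the array-comparison branch lie outside these two hunks.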
@@ -262,13 +262,19 @@ export class ProfileFormComponent implements OnInit, AfterViewInit { ) return false; } - } else { - return !!answer1 == !!answer2; + } else if (this.isEmptyAnswer(answer2) && !this.isEmptyAnswer(answer1)) { + return false; } } return true; } + private isEmptyAnswer(answer: unknown): boolean { + if (answer === undefined || answer === null || answer === '') return true; + if (Array.isArray(answer) && answer.length === 0) return true; + return false; + } + private get fieldsHasError(): boolean { return this.profileFormat.some((field, index) => { return ( diff --git a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.html b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.html index ab3d4a95b..f1df53e63 100644 --- a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.html +++ b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.html @@ -23,22 +23,14 @@ role="button" tabindex="0" #tooltip="matTooltip" - matTooltip="{{ - profile.status === ProfileStatus.EXPIRED - ? EXPIRED_TOOLTIP - : profile.status - }}" + matTooltip="{{ profile.status }}" [attr.aria-label]="getProfileItemLabel(profile)" (click)="profileClicked.emit(profile)" (keydown.enter)="enterProfileItem(profile)" (keydown.space)="enterProfileItem(profile)"> + [attr.aria-label]="profile.status"> @if (profile.status === ProfileStatus.VALID) { check_circle diff --git a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.scss b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.scss index 732bdfef2..a4ffd873b 100644 --- a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.scss +++ b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.scss 
@@ -32,13 +32,7 @@ $profile-item-container-gap: 8px; } } -:host:has(.profile-item-container-expired) { - cursor: not-allowed; -} - .profile-item-container-expired { - pointer-events: none; - opacity: 0.5; .profile-item-info { .profile-item-icon, .profile-item-name, diff --git a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.spec.ts b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.spec.ts index 695786399..28eb0bf98 100644 --- a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.spec.ts +++ b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.spec.ts @@ -13,18 +13,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -import { - ComponentFixture, - fakeAsync, - TestBed, - tick, -} from '@angular/core/testing'; +import { ComponentFixture, TestBed } from '@angular/core/testing'; import { ProfileItemComponent } from './profile-item.component'; -import { - EXPIRED_PROFILE_MOCK, - PROFILE_MOCK, -} from '../../../mocks/profile.mock'; +import { PROFILE_MOCK } from '../../../mocks/profile.mock'; import { TestRunService } from '../../../services/test-run.service'; import { LiveAnnouncer } from '@angular/cdk/a11y'; @@ -80,18 +72,6 @@ describe('ProfileItemComponent', () => { expect(profileClickedSpy).toHaveBeenCalledWith(PROFILE_MOCK); }); - it('should change tooltip on focusout', fakeAsync(() => { - component.profile = EXPIRED_PROFILE_MOCK; - fixture.detectChanges(); - - fixture.nativeElement.dispatchEvent(new Event('focusout')); - tick(); - - expect(component.tooltip().message).toEqual( - 'Expired. Please, create a new Risk profile.' - ); - })); - it('#getRiskClass should call getRiskClass on testRunService', () => { const MOCK_RISK = 'mock value'; component.getRiskClass(MOCK_RISK); 
@@ -105,22 +85,4 @@ describe('ProfileItemComponent', () => { expect(profileClickedSpy).toHaveBeenCalled(); }); - - describe('with Expired profile', () => { - beforeEach(() => { - component.enterProfileItem(EXPIRED_PROFILE_MOCK); - }); - - it('should change tooltip on enterProfileItem', () => { - expect(component.tooltip().message).toEqual( - 'This risk profile is outdated. Please create a new risk profile.' - ); - }); - - it('should announce', () => { - expect(mockLiveAnnouncer.announce).toHaveBeenCalledWith( - 'This risk profile is outdated. Please create a new risk profile.' - ); - }); - }); }); diff --git a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.ts b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.ts index a4cfadc83..73177ad3e 100644 --- a/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.ts +++ b/modules/ui/src/app/pages/risk-assessment/profile-item/profile-item.component.ts @@ -17,10 +17,8 @@ import { ChangeDetectionStrategy, Component, EventEmitter, - HostListener, Input, Output, - viewChild, inject, } from '@angular/core'; import { @@ -33,7 +31,6 @@ import { MatButtonModule } from '@angular/material/button'; import { CommonModule, DatePipe } from '@angular/common'; import { TestRunService } from '../../../services/test-run.service'; import { MatTooltip, MatTooltipModule } from '@angular/material/tooltip'; -import { LiveAnnouncer } from '@angular/cdk/a11y'; @Component({ selector: 'app-profile-item', 
@@ -46,40 +43,18 @@ import { LiveAnnouncer } from '@angular/cdk/a11y'; }) export class ProfileItemComponent { private readonly testRunService = inject(TestRunService); - private liveAnnouncer = inject(LiveAnnouncer); private datePipe = inject(DatePipe); public readonly ProfileStatus = ProfileStatus; - public readonly EXPIRED_TOOLTIP = - 'Expired. Please, create a new Risk profile.'; @Input() profile!: Profile; @Output() profileClicked = new EventEmitter(); - readonly tooltip = viewChild.required('tooltip'); - - @HostListener('focusout') - outEvent(): void { - if (this.profile.status === ProfileStatus.EXPIRED) { - this.tooltip().message = this.EXPIRED_TOOLTIP; - } - } - public getRiskClass(riskResult: string): RiskResultClassName { return this.testRunService.getRiskClass(riskResult); } public async enterProfileItem(profile: Profile) { - if (profile.status === ProfileStatus.EXPIRED) { - const tooltip = this.tooltip(); - tooltip.message = - 'This risk profile is outdated. Please create a new risk profile.'; - tooltip.show(); - await this.liveAnnouncer.announce( - 'This risk profile is outdated. Please create a new risk profile.' - ); - } else { - this.profileClicked.emit(profile); - } + this.profileClicked.emit(profile); } getProfileItemLabel(profile: Profile) { diff --git a/modules/ui/src/app/pages/risk-assessment/risk-assessment.component.ts b/modules/ui/src/app/pages/risk-assessment/risk-assessment.component.ts index 08bd3476d..1a67f0e64 100644 --- a/modules/ui/src/app/pages/risk-assessment/risk-assessment.component.ts +++ b/modules/ui/src/app/pages/risk-assessment/risk-assessment.component.ts @@ -138,9 +138,7 @@ export class RiskAssessmentComponent } async profileClicked(profile: Profile | null = null) { - if (profile === null || profile.status !== ProfileStatus.EXPIRED) { - await this.openForm(profile); - } + await this.openForm(profile); } async openForm(profile: Profile | null = null) { 
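Review bot: `enterProfileItem` is still declared `async` although its body is now a single synchronous `this.profileClicked.emit(profile)` with nothing awaited, so it returns an unused Promise; `public enterProfileItem(profile: Profile): void {` matches what it does. With the `viewChild.required<MatTooltip>('tooltip')` field removed, the `MatTooltip` named import kept as context in the previous hunk (`import { MatTooltip, MatTooltipModule } …`) appears to have no remaining use and will trip `noUnusedLocals`/lint if enabled — confirm against the rest of the file. The `#tooltip="matTooltip"` template reference left as context in profile-item.component.html likewise looks orphaned now.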
@@ -289,10 +287,6 @@ export class RiskAssessmentComponent if (profile.status === ProfileStatus.COPY) { return []; } - // expired profiles can only be removed - if (profile.status === ProfileStatus.EXPIRED) { - return [{ action: ProfileAction.Delete, icon: 'delete' }]; - } return actions; }; } diff --git a/resources/devices/device_profile.json b/resources/devices/device_profile.json index 5158dd5ff..dbb551cb6 100644 --- a/resources/devices/device_profile.json +++ b/resources/devices/device_profile.json 
@@ -402,5 +402,58 @@ "id": 3 } ] + }, + { + "id": 7, + "question": "Does the device UI web dashboard have a mechanism to enforce the change of default passwords, SSH, Hardcoded Accounts Credentials and factory-default API keys upon first use?", + "validation": { "required": true }, + "type": "select", + "options": [ + { "id": 1, "text": "Yes, mandatory change required", "risk": "Limited" }, + { "id": 2, "text": "Yes, but can be bypassed", "risk": "High" }, + { "id": 3, "text": "No, default credentials remain", "risk": "High" }, + { "id": 4, "text": "N/A (No password-based login)", "risk": "High" } + ] + }, + { + "id": 8, + "question": "Does the device support encrypted management protocols (e.g., HTTPS, SSHv2, TLS 1.2, or TLS 1.3)?", + "validation": { "required": true }, + "type": "select", + "options": [ + { "id": 1, "text": "Yes, only encrypted protocols", "risk": "Limited" }, + { "id": 2, "text": "Yes, but unencrypted protocols (HTTP/Telnet) are also available", "risk": "High" }, + { "id": 3, "text": "No, only unencrypted protocols are supported", "risk": "High" } + ] + }, + { + "id": 9, + "question": "How are firmware updates delivered and verified on the device?", + "validation": { "required": true }, + "type": "select", + "options": [ + { "id": 1, "text": "Automatic updates with cryptographic signature verification", "risk": "Limited" }, + { "id": 2, "text": "Manual updates with cryptographic signature verification", "risk": "Limited" }, + { "id": 3, "text": "Manual updates without signature verification", "risk": "High" }, + { "id": 4, "text": "The device does not support firmware updates", "risk": "High" } + ] + }, + { + "id": 10, + "question": "Does the device include physical tamper-resistant features?", + "validation": { "required": true }, + "type": "select", + "options": [ + { + "id": 1, + "text": "Yes, includes physical seals or chassis intrusion detection", + "risk": "Limited" + }, + { + "id": 2, + "text": "No physical tamper protection", + "risk": 
"High" + } + ] } ] \ No newline at end of file diff --git a/resources/report/test_report_styles.css b/resources/report/test_report_styles.css index d6f9aeacb..d41600c84 100644 --- a/resources/report/test_report_styles.css +++ b/resources/report/test_report_styles.css @@ -739,7 +739,6 @@ display: inline-block; width: 340px; position: relative; - height: 100%; } .device-profile-answer ul { diff --git a/resources/risk_assessment.json b/resources/risk_assessment.json index d4f2574fb..be9ed0bb4 100644 --- a/resources/risk_assessment.json +++ b/resources/risk_assessment.json 
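Review bot: In question 7 the option `N/A (No password-based login)` is scored `"risk": "High"` alongside the "default credentials remain" options, which looks unintended — a device with no password-based login has no default password to rotate, so if the intent is "cannot be assessed" a neutral scoring or a separate value would be clearer, or the reason it scores High should be documented next to the entry. The four new entries also use two layouts for `options` (one object per line for ids 7–9, expanded objects for id 10); pick one. The file still ends without a trailing newline (`\ No newline at end of file`), pre-existing but cheap to fix while editing it.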
@@ -3,186 +3,195 @@
 "question": "How will this device be used at Google?",
 "description": "Describe your use case. Add links to user journey diagrams and TDD if available.",
 "type": "text-long",
- "validation": {
- "max": "512",
- "required": true
- }
+ "validation": { "max": "512", "required": true }
 },
 {
 "question": "Is this device going to be managed by Google or a third party?",
 "description": "A manufacturer or supplier is considered third party in this case",
 "type": "select",
 "options": [
- {
- "text": "Google",
- "risk": "Limited"
- },
- {
- "text": "Third Party",
- "risk": "High"
- }
+ { "text": "Google", "risk": "Limited" },
+ { "text": "Third Party", "risk": "High" }
 ],
- "validation": {
- "required": true
- }
+ "validation": { "required": true }
 },
 {
 "question": "Will the third-party device administrator be able to grant access to authorized Google personnel upon request?",
 "type": "select",
 "options": [
- {
- "text": "Yes"
- },
- {
- "text": "No"
- },
- {
- "text": "N/A"
- }
+ { "text": "Yes" },
+ { "text": "No" },
+ { "text": "N/A" }
 ],
 "default": "N/A",
- "validation": {
- "required": true
- }
+ "validation": { "required": true }
 },
 {
 "category": "Data Transmission",
 "question": "Which of the following statements are true about this device?",
- "description": "This tells us about the types of data that are transmitted from this device and how the transmission is performed from a technical standpoint.",
+ "description": "Types of data transmitted and technical transmission methods.",
 "type": "select-multiple",
 "options": [
- {
- "text": "PII/PHI, confidential/sensitive business data, Intellectual Property and Trade Secrets, Critical Infrastructure and Identity Assets to a domain outside Alphabet's ownership",
- "risk": "High"
- },
- {
- "text": "Data transmission occurs across less-trusted networks (e.g. the internet).",
- "risk": "High"
- },
- {
- "text": "A failure in data transmission would likely have a substantial negative impact (https://www.rra.rocks/docs/standard_levels#levels-definitions)",
- "risk": "High"
- },
- {
- "text": "A confidentiality breach during transmission would have a substantial negative impact",
- "risk": "High"
- },
- {
- "text": "The device does not encrypt data during transmission",
- "risk": "High"
- },
- {
- "text": "None of the above",
- "risk": "Limited"
- }
+ { "text": "PII/PHI, confidential/sensitive business data, Intellectual Property and Trade Secrets, Critical Infrastructure and Identity Assets to a domain outside Alphabet's ownership", "risk": "High" },
+ { "text": "Data transmission occurs across less-trusted networks (e.g. the internet).", "risk": "High" },
+ { "text": "A failure in data transmission would likely have a substantial negative impact", "risk": "High" },
+ { "text": "A confidentiality breach during transmission would have a substantial negative impact", "risk": "High" },
+ { "text": "The device does not encrypt data during transmission", "risk": "High" },
+ { "text": "None of the above", "risk": "Limited" }
 ],
- "validation": {
- "required": true
- }
+ "validation": { "required": true }
 },
 {
 "category": "Data Transmission",
 "question": "Does the network protocol assure server-to-client identity verification?",
 "type": "select",
 "options": [
- {
- "text": "Yes",
- "risk": "Limited"
- },
- {
- "text": "No",
- "risk": "High"
- },
- {
- "text": "I don't know",
- "risk": "High"
- }
-
+ { "text": "Yes", "risk": "Limited" },
+ { "text": "No", "risk": "High" },
+ { "text": "I don't know", "risk": "High" }
 ],
- "validation": {
- "required": true
- }
+ "validation": { "required": true }
 },
 {
 "category": "Remote Operation",
 "question": "Click the statements that best describe the characteristics of this device.",
- "description": "This tells us about how this device is managed remotely.",
+ "description": "Remote management and access characteristics.",
 "type": "select-multiple",
 "options": [
- {
- "text": "PII/PHI, or confidential business data is accessible from the device without authentication",
- "risk": "High"
- },
- {
- "text": "Unrecoverable actions (e.g. disk wipe) can be performed remotely",
- "risk": "High"
- },
- {
- "text": "Authentication is not required for remote access",
- "risk": "High"
- },
- {
- "text": "The management interface is accessible from the public internet",
- "risk": "High"
- },
- {
- "text": "Static credentials are used for administration",
- "risk": "High"
- },
- {
- "text": "None of the above",
- "risk": "Limited"
- }
+ { "text": "PII/PHI, or confidential business data is accessible from the device without authentication", "risk": "High" },
+ { "text": "Unrecoverable actions (e.g. disk wipe) can be performed remotely", "risk": "High" },
+ { "text": "Authentication is not required for remote access", "risk": "High" },
+ { "text": "The management interface is accessible from the public internet", "risk": "High" },
+ { "text": "Static credentials are used for administration", "risk": "High" },
+ { "text": "None of the above", "risk": "Limited" }
 ],
- "validation": {
- "required": true
- }
+ "validation": { "required": true }
 },
 {
 "category": "Operating Environment",
 "question": "Are any of the following statements true about this device?",
- "description": "This informs us about what other systems and processes this device is a part of.",
+ "description": "Context of the device within larger systems and processes.",
+ "type": "select-multiple",
+ "options": [
+ { "text": "The device monitors an environment for active risks to human life.", "risk": "High" },
+ { "text": "The device is used to convey people, or critical property.", "risk": "High" },
+ { "text": "The device controls robotics in human-accessible spaces.", "risk": "High" },
+ { "text": "The device controls physical access systems.", "risk": "High" },
+ { "text": "The device is involved in processes required by regulations, or compliance.", "risk": "High" },
+ { "text": "The device's failure would cause faults in other high-criticality processes.", "risk": "High" },
+ { "text": "None of the above", "risk": "Limited" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "category": "Wireless Security",
+ "question": "What types of wireless connectivity does this device support or utilize? (Select all that apply)",
+ "description": "Select all active or physically present wireless interfaces.",
 "type": "select-multiple",
 "options": [
 {
- "text": "The device monitors an environment for active risks to human life.",
- "risk": "High"
- },
- {
- "text": "The device is used to convey people, or critical property.",
+ "text": "Cellular / WWAN (e.g., LTE, 5G, NB-IoT, eSIM)",
 "risk": "High"
 },
 {
- "text": "The device controls robotics in human-accessible spaces.",
+ "text": "LPWAN / Long-Range RF (e.g., LoRaWAN)",
 "risk": "High"
 },
 {
- "text": "The device controls physical access systems.",
+ "text": "Wi-Fi / WLAN - broadcasts its own network (acts as an Access Point / Wi-Fi Direct)",
 "risk": "High"
 },
 {
- "text": "The device is involved in processes required by regulations, or compliance. (ex. privacy, security, safety regulations)",
- "risk": "High"
+ "text": "Wi-Fi / WLAN - connects as a standard client to an existing network",
+ "risk": "Limited"
 },
 {
- "text": "The device's failure would cause faults in other high-criticality processes.",
- "risk": "High"
+ "text": "Short-range RF (e.g., Bluetooth, BLE, Zigbee)",
+ "risk": "Limited"
 },
 {
- "text": "None of the above",
+ "text": "None (Hardwired Ethernet or serial connections only)",
 "risk": "Limited"
 }
 ],
 "validation": {
 "required": true
 }
+
+ },
+ {
+ "category": "Physical Security",
+ "question": "Are physical debug interfaces (JTAG, UART, SWD) disabled or physically inaccessible?",
+ "type": "select",
+ "options": [
+ { "text": "Yes, disabled in hardware/firmware", "risk": "Limited" },
+ { "text": "No, ports are active and accessible", "risk": "High" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "category": "Authentication",
+ "question": "Does the device support integration with Google's SSO or MFA for administrative access?",
+ "type": "select",
+ "options": [
+ { "text": "Yes, supports Google’s SSO or MFA", "risk": "Limited" },
+ { "text": "No, uses local unique or shared passwords", "risk": "High" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "category": "Software Integrity",
+ "question": "Is firmware cryptographically signed and verified during the boot process?",
+ "type": "select",
+ "options": [
+ { "text": "Yes, verified Secure Boot", "risk": "Limited" },
+ { "text": "No signing used", "risk": "High" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "category": "Vulnerability Management",
+ "question": "How frequently are security patches released and applied to this device?",
+ "type": "select",
+ "options": [
+ { "text": "Automatically within 30 days of release", "risk": "Limited" },
+ { "text": "Rarely or no patch support", "risk": "High" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "category": "Privacy",
+ "question": "Does the device include audio or video recording capabilities?",
+ "type": "select",
+ "options": [
+ { "text": "No", "risk": "Limited" },
+ { "text": "Yes", "risk": "High" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "category": "Logging",
+ "question": "Does the device generate security audit logs (e.g., login attempts, config changes)?",
+ "type": "select",
+ "options": [
+ { "text": "Yes", "risk": "Limited" },
+ { "text": "No", "risk": "High" }
+ ],
+ "validation": { "required": true }
+ },
+ {
+ "question": "Does the device undergo regular third-party penetration testing?",
+ "type": "select",
+ "options": [
+ { "text": "Yes", "risk": "Limited" },
+ { "text": "No", "risk": "High" }
+ ],
+ "validation": { "required": true }
 },
 {
 "question": "Comments",
 "description": "Anything else to share?",
 "type": "text-long",
- "validation": {
- "max": "512"
- }
+ "validation": { "max": "512" }
 }
-]
\ No newline at end of file
+]
diff --git a/testing/api/devices/device_1/device_config.json b/testing/api/devices/device_1/device_config.json
index 9e3f84328..a4882b835 100644
--- a/testing/api/devices/device_1/device_config.json
+++ b/testing/api/devices/device_1/device_config.json
@@ -15,7 +15,7 @@
 "answer": "Hardware - Access Control"
 },
 {
- "question": "Does your device process any sensitive information?",
+ "question": "Does your device process any sensitive information? ",
 "answer": "Yes"
 },
 {
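Review bot: The last new question, `"Does the device undergo regular third-party penetration testing?"`, has no `"category"` key while the seven questions added before it each carry one (`Wireless Security` through `Logging`); if categories are used to group the report, this entry falls outside every group, so give it one, e.g. `"category": "Vulnerability Management"`. The Authentication question uses an ASCII apostrophe in `Google's SSO` but a typographic one (U+2019) in the option `"Yes, supports Google’s SSO or MFA"`, and the fixture `risk_profile_valid_limited.json` reproduces the curly form, so any answer matching by exact string breaks the moment someone normalises the quote — use the ASCII form in both places. The same question's option `"No, uses local unique or shared passwords"` rates per-device unique credentials and shared credentials identically; if that distinction matters to the score, it needs its own option. The Wireless Security question keeps the old three-line `"validation"` object and gains a stray blank line before its closing `},`, while every other entry in this hunk was compacted to `"validation": { "required": true }`.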
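Review bot: The only change in this hunk is a trailing space appended inside the question string, `"Does your device process any sensitive information? "`, presumably so it matches the copy of the same question in this file's `reports` section, which already carries the space. If profile answers are matched to questions by exact string comparison, whitespace inside the key is a fragile way to keep fixtures aligned; trimming the question text on both sides at comparison time, or correcting the canonical question text, would remove the need to propagate the stray space into every fixture. Whether matching is exact is not visible from this diff, so confirm before relying on it.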
@@ -29,6 +29,22 @@
 {
 "question": "Can the second IP port on your device be disabled?",
 "answer": "Yes"
+ },
+ {
+ "question": "Does the device UI web dashboard have a mechanism to enforce the change of default passwords, SSH, Hardcoded Accounts Credentials and factory-default API keys upon first use?",
+ "answer": "Yes, but can be bypassed"
+ },
+ {
+ "question": "Does the device support encrypted management protocols (e.g., HTTPS, SSHv2, TLS 1.2, or TLS 1.3)?",
+ "answer": "Yes, only encrypted protocols"
+ },
+ {
+ "question": "How are firmware updates delivered and verified on the device?",
+ "answer": "Automatic updates with cryptographic signature verification"
+ },
+ {
+ "question": "Does the device include physical tamper-resistant features?",
+ "answer": "No physical tamper protection"
 }
 ],
 "test_modules": {
@@ -52,119 +68,135 @@
 }
 },
 "reports": [{
- "testrun": {
- "version": "2.1"
- },
- "mac_addr": null,
- "device": {
- "mac_addr": "00:1e:42:35:73:c4",
- "manufacturer": "Teltonika",
- "model": "TRB140",
- "firmware": "1",
- "test_modules": {
- "protocol": {
- "enabled": false
- },
- "services": {
- "enabled": false
- },
- "connection": {
- "enabled": false
- },
- "tls": {
- "enabled": true
- },
- "ntp": {
- "enabled": false
- },
- "dns": {
- "enabled": false
- }
- },
- "test_pack": "Device Qualification",
- "device_profile": [
- {
- "question": "What type of device is this?",
- "answer": "Building Automation Gateway"
- },
- {
- "question": "Please select the technology this device falls into",
- "answer": "Hardware - Access Control"
- },
- {
- "question": "Does your device process any sensitive information? ",
- "answer": "No"
- },
- {
- "question": "Can all non-essential services be disabled on your device?",
- "answer": "Yes"
- },
- {
- "question": "Is there a second IP port on the device?",
- "answer": "Yes"
- },
- {
- "question": "Can the second IP port on your device be disabled?",
- "answer": "No"
- }
- ]
- },
- "status": "Non-Compliant",
- "started": "2024-12-10 16:06:42",
- "finished": "2024-12-10 16:08:12",
- "tests": {
- "total": 5,
- "results": [
- {
- "name": "security.tls.v1_0_client",
- "description": "No outbound connections were found",
- "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.0 and support",
- "required_result": "Informational",
- "result": "Feature Not Detected"
- },
- {
- "name": "security.tls.v1_2_server",
- "description": "TLS 1.2 certificate is invalid",
- "expected_behavior": "TLS 1.2 certificate is issued to the web browser client when accessed",
- "required_result": "Required if Applicable",
- "result": "Non-Compliant",
- "recommendations": [
- "Enable TLS 1.2 support in the web server configuration",
- "Disable TLS 1.0 and 1.1",
- "Sign the certificate used by the web server"
- ]
- },
- {
- "name": "security.tls.v1_2_client",
- "description": "An error occurred whilst running this test",
- "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.2 and support for ECDH and ECDSA ciphers",
- "required_result": "Required if Applicable",
- "result": "Error"
- },
- {
- "name": "security.tls.v1_3_server",
- "description": "TLS 1.3 certificate is invalid",
- "expected_behavior": "TLS 1.3 certificate is issued to the web browser client when accessed",
- "required_result": "Informational",
- "result": "Informational",
- "optional_recommendations": [
- "Enable TLS 1.3 support in the web server configuration",
- "Disable TLS 1.0 and 1.1",
- "Sign the certificate used by the web server"
- ]
+ "testrun": {
+ "version": "2.1"
+ },
+ "mac_addr": null,
+ "device": {
+ "mac_addr": "00:1e:42:35:73:c4",
+ "manufacturer": "Teltonika",
+ "model": "TRB140",
+ "firmware": "1",
+ "test_modules": {
+ "protocol": {
+ "enabled": false
+ },
+ "services": {
+ "enabled": false
+ },
+ "connection": {
+ "enabled": false
+ },
+ "tls": {
+ "enabled": true
+ },
+ "ntp": {
+ "enabled": false
+ },
+ "dns": {
+ "enabled": false
+ }
 },
- {
- "name": "security.tls.v1_3_client",
- "description": "An error occurred whilst running this test",
- "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.3",
- "required_result": "Informational",
- "result": "Error"
- }
- ]
- },
- "report": "/report/001e42289e4a_2024-12-10T16:06:42",
- "export": "/export/001e42289e4a_2024-12-10T16:06:42",
- "folder_name": "001e42289e4a_2024-12-10T16:06:42"
-}
-]
+ "test_pack": "Device Qualification",
+ "device_profile": [
+ {
+ "question": "What type of device is this?",
+ "answer": "Building Automation Gateway"
+ },
+ {
+ "question": "Please select the technology this device falls into",
+ "answer": "Hardware - Access Control"
+ },
+ {
+ "question": "Does your device process any sensitive information? ",
+ "answer": "No"
+ },
+ {
+ "question": "Can all non-essential services be disabled on your device?",
+ "answer": "Yes"
+ },
+ {
+ "question": "Is there a second IP port on the device?",
+ "answer": "Yes"
+ },
+ {
+ "question": "Can the second IP port on your device be disabled?",
+ "answer": "No"
+ },
+ {
+ "question": "Does the device UI web dashboard have a mechanism to enforce the change of default passwords, SSH, Hardcoded Accounts Credentials and factory-default API keys upon first use?",
+ "answer": "Yes, but can be bypassed"
+ },
+ {
+ "question": "Does the device support encrypted management protocols (e.g., HTTPS, SSHv2, TLS 1.2, or TLS 1.3)?",
+ "answer": "Yes, only encrypted protocols"
+ },
+ {
+ "question": "How are firmware updates delivered and verified on the device?",
+ "answer": "Automatic updates with cryptographic signature verification"
+ },
+ {
+ "question": "Does the device include physical tamper-resistant features?",
+ "answer": "No physical tamper protection"
+ }
+ ]
+ },
+ "status": "Non-Compliant",
+ "started": "2024-12-10 16:06:42",
+ "finished": "2024-12-10 16:08:12",
+ "tests": {
+ "total": 5,
+ "results": [
+ {
+ "name": "security.tls.v1_0_client",
+ "description": "No outbound connections were found",
+ "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.0 and support",
+ "required_result": "Informational",
+ "result": "Feature Not Detected"
+ },
+ {
+ "name": "security.tls.v1_2_server",
+ "description": "TLS 1.2 certificate is invalid",
+ "expected_behavior": "TLS 1.2 certificate is issued to the web browser client when accessed",
+ "required_result": "Required if Applicable",
+ "result": "Non-Compliant",
+ "recommendations": [
+ "Enable TLS 1.2 support in the web server configuration",
+ "Disable TLS 1.0 and 1.1",
+ "Sign the certificate used by the web server"
+ ]
+ },
+ {
+ "name": "security.tls.v1_2_client",
+ "description": "An error occurred whilst running this test",
+ "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.2 and support for ECDH and ECDSA ciphers",
+ "required_result": "Required if Applicable",
+ "result": "Error"
+ },
+ {
+ "name": "security.tls.v1_3_server",
+ "description": "TLS 1.3 certificate is invalid",
+ "expected_behavior": "TLS 1.3 certificate is issued to the web browser client when accessed",
+ "required_result": "Informational",
+ "result": "Informational",
+ "optional_recommendations": [
+ "Enable TLS 1.3 support in the web server configuration",
+ "Disable TLS 1.0 and 1.1",
+ "Sign the certificate used by the web server"
+ ]
+ },
+ {
+ "name": "security.tls.v1_3_client",
+ "description": "An error occurred whilst running this test",
+ "expected_behavior": "The packet indicates a TLS connection with at least TLS 1.3",
+ "required_result": "Informational",
+ "result": "Error"
+ }
+ ]
+ },
+ "report": "/report/001e42289e4a_2024-12-10T16:06:42",
+ "export": "/export/001e42289e4a_2024-12-10T16:06:42",
+ "folder_name": "001e42289e4a_2024-12-10T16:06:42"
+ }
+ ]
 }
diff --git a/testing/api/test_api.py b/testing/api/test_api.py
index 28c92467d..96b44b398 100644
--- a/testing/api/test_api.py
+++ b/testing/api/test_api.py
@@ -472,12 +472,16 @@ def test_start_testrun_success(empty_devices_dir, add_devices, testrun): # pylin
 # Assign device modules
 test_modules = device["test_modules"]
 
+ # Assign additional info
+ additional_info = device["additional_info"]
+
 # Payload with device details
 payload = {
 "device": {
 "mac_addr": mac_addr,
 "firmware": "test",
- "test_modules": test_modules
+ "test_modules": test_modules,
+ "additional_info": additional_info
 }
 }
 
diff --git a/testing/unit/risk_profile/profiles/risk_profile_valid_high.json b/testing/unit/risk_profile/profiles/risk_profile_valid_high.json
index bc23f7d0b..880a77de3 100644
--- a/testing/unit/risk_profile/profiles/risk_profile_valid_high.json
+++ b/testing/unit/risk_profile/profiles/risk_profile_valid_high.json
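Review bot: Almost every line of this hunk is a re-indentation of the existing `reports` entry, which buries the actual content change — the four `device_profile` entries added after `"Can the second IP port on your device be disabled?"` — under roughly 240 removed and re-added lines; splitting the whitespace change from the content change would make the fixture diff reviewable. The added answers are a second copy of the ones inserted into this file's top-level `device_profile` earlier in the same commit, so the two lists can now drift apart; if the report snapshot is meant to mirror the device's profile, a test asserting the two lists are equal would catch that. The snapshot still records `"testrun": { "version": "2.1" }` while its profile now contains questions introduced in this commit, which is presumably harmless for a fixture but worth confirming if the version is ever used to pick a schema.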
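Review bot: `additional_info = device["additional_info"]` makes every device fixture consumed by `add_devices` hard-require that key, and a fixture without it fails with a bare `KeyError` before any request is sent, which reads as a broken test rather than a missing field; the visible hunks of `device_1/device_config.json` in this diff do not show an `additional_info` key, though it may sit outside them. A guard such as `assert "additional_info" in device, "device fixture lacks additional_info"` immediately before the lookup names the problem, or `device.get("additional_info", {})` if the field is optional for the API. Nothing visible asserts on how the endpoint handles the new field, so the payload change is exercised but its effect is not checked. The enclosing function `test_start_testrun_success` starts outside the hunk.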
@@ -58,6 +58,48 @@
 ],
 "risk": "High"
 },
+ {
+ "question": "What types of wireless connectivity does this device support or utilize? (Select all that apply)",
+ "answer": [
+ 0
+ ],
+ "risk": "High"
+ },
+ {
+ "question": "Are physical debug interfaces (JTAG, UART, SWD) disabled or physically inaccessible?",
+ "answer": "No, ports are active and accessible",
+ "risk": "High"
+ },
+ {
+ "question": "Does the device support integration with Google's SSO or MFA for administrative access?",
+ "answer": "No, uses local unique or shared passwords",
+ "risk": "High"
+ },
+ {
+ "question": "Is firmware cryptographically signed and verified during the boot process?",
+ "answer": "No signing used",
+ "risk": "High"
+ },
+ {
+ "question": "How frequently are security patches released and applied to this device?",
+ "answer": "Rarely or no patch support",
+ "risk": "High"
+ },
+ {
+ "question": "Does the device include audio or video recording capabilities?",
+ "answer": "Yes",
+ "risk": "High"
+ },
+ {
+ "question": "Does the device generate security audit logs (e.g., login attempts, config changes)?",
+ "answer": "No",
+ "risk": "High"
+ },
+ {
+ "question": "Does the device undergo regular third-party penetration testing?",
+ "answer": "No",
+ "risk": "High"
+ },
 {
 "question": "Comments",
 "answer": ""
diff --git a/testing/unit/risk_profile/profiles/risk_profile_valid_limited.json b/testing/unit/risk_profile/profiles/risk_profile_valid_limited.json
index 0e817e3c3..cb22dbd57 100644
--- a/testing/unit/risk_profile/profiles/risk_profile_valid_limited.json
+++ b/testing/unit/risk_profile/profiles/risk_profile_valid_limited.json
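Review bot: The new `select-multiple` answer is stored as a positional index, `"answer": [ 0 ]`, which resolves to the `Cellular / WWAN` option only through the option order in `resources/risk_assessment.json`, and that option list is rewritten in this same commit; the `select` answers beside it are stored as option text, so this fixture and `risk_profile_valid_limited.json` (whose `[ 3 ]` means the Wi-Fi client option) now depend on ordering in a way the neighbouring entries do not. A unit test that resolves each index against the shipped question file and asserts the expected option text would catch a silent reorder. The `risk` values in both fixture hunks are otherwise consistent with those in the question file.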
@@ -57,6 +57,48 @@
 ],
 "risk": "Limited"
 },
+ {
+ "question": "What types of wireless connectivity does this device support or utilize? (Select all that apply)",
+ "answer": [
+ 3
+ ],
+ "risk": "Limited"
+ },
+ {
+ "question": "Are physical debug interfaces (JTAG, UART, SWD) disabled or physically inaccessible?",
+ "answer": "Yes, disabled in hardware/firmware",
+ "risk": "Limited"
+ },
+ {
+ "question": "Does the device support integration with Google's SSO or MFA for administrative access?",
+ "answer": "Yes, supports Google’s SSO or MFA",
+ "risk": "Limited"
+ },
+ {
+ "question": "Is firmware cryptographically signed and verified during the boot process?",
+ "answer": "Yes, verified Secure Boot",
+ "risk": "Limited"
+ },
+ {
+ "question": "How frequently are security patches released and applied to this device?",
+ "answer": "Automatically within 30 days of release",
+ "risk": "Limited"
+ },
+ {
+ "question": "Does the device include audio or video recording capabilities?",
+ "answer": "No",
+ "risk": "Limited"
+ },
+ {
+ "question": "Does the device generate security audit logs (e.g., login attempts, config changes)?",
+ "answer": "Yes",
+ "risk": "Limited"
+ },
+ {
+ "question": "Does the device undergo regular third-party penetration testing?",
+ "answer": "Yes",
+ "risk": "Limited"
+ },
 {
 "question": "Comments",
 "answer": ""