google · jboddey · May 6, 2025 · May 2, 2025 · May 2, 2025 · May 2, 2025
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -11,7 +11,7 @@ jobs:
     permissions: {}
     name:  Tests
     runs-on: ubuntu-22.04
-    timeout-minutes: 30
+    timeout-minutes: 60
     steps:
       - name: Checkout source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

diff --git a/testing/device_configs/ntp_compliant/device_config.json b/testing/device_configs/ntp_compliant/device_config.json
@@ -0,0 +1,54 @@
+{
+  "mac_addr": "02:42:aa:00:00:06",
+  "manufacturer": "Google",
+  "model": "NTP Compliant",
+  "type": "IoT Gateway",
+  "technology": "Hardware - Access Control",
+  "test_pack": "Pilot Assessment",
+  "additional_info": [
+    {
+      "question": "What type of device is this?",
+      "answer": "IoT Gateway"
+    },
+    {
+      "question": "Please select the technology this device falls into",
+      "answer": "Hardware - Access Control"
+    },
+    {
+      "question": "Does your device process any sensitive information?",
+      "answer": "Yes"
+    },
+    {
+      "question": "Can all non-essential services be disabled on your device?",
+      "answer": "Yes"
+    },
+    {
+      "question": "Is there a second IP port on the device?",
+      "answer": "Yes"
+    },
+    {
+      "question": "Can the second IP port on your device be disabled?",
+      "answer": "Yes"
+    }
+  ],
+  "test_modules": {
+    "protocol": {
+      "enabled": false
+    },
+    "services": {
+      "enabled": false
+    },
+    "ntp": {
+      "enabled": true
+    },
+    "tls": {
+      "enabled": false
+    },
+    "connection": {
+      "enabled": false
+    },
+    "dns": {
+      "enabled": false
+    }  
+  }
+}
diff --git a/testing/device_configs/ntp_non_compliant/device_config.json b/testing/device_configs/ntp_non_compliant/device_config.json
@@ -0,0 +1,54 @@
+{
+  "mac_addr": "02:42:aa:00:00:07",
+  "manufacturer": "Google",
+  "model": "NTP Non Compliant",
+  "type": "IoT Gateway",
+  "technology": "Hardware - Access Control",
+  "test_pack": "Pilot Assessment",
+  "additional_info": [
+    {
+      "question": "What type of device is this?",
+      "answer": "IoT Gateway"
+    },
+    {
+      "question": "Please select the technology this device falls into",
+      "answer": "Hardware - Access Control"
+    },
+    {
+      "question": "Does your device process any sensitive information?",
+      "answer": "Yes"
+    },
+    {
+      "question": "Can all non-essential services be disabled on your device?",
+      "answer": "Yes"
+    },
+    {
+      "question": "Is there a second IP port on the device?",
+      "answer": "Yes"
+    },
+    {
+      "question": "Can the second IP port on your device be disabled?",
+      "answer": "Yes"
+    }
+  ],
+  "test_modules": {
+    "protocol": {
+      "enabled": false
+    },
+    "services": {
+      "enabled": false
+    },
+    "ntp": {
+      "enabled": true
+    },
+    "tls": {
+      "enabled": false
+    },
+    "connection": {
+      "enabled": false
+    },
+    "dns": {
+      "enabled": false
+    }  
+  }
+}
diff --git a/testing/docker/ci_test_device1/ntp_compliant/Dockerfile b/testing/docker/ci_test_device1/ntp_compliant/Dockerfile
@@ -0,0 +1,19 @@
+
+FROM ubuntu@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Update the package list and upgrade the installed packages to their latest versions
+RUN apt-get update && apt-get -y upgrade
+
+# Install the necessary packages
+RUN apt-get update && apt-get install -y isc-dhcp-client netcat-openbsd arping ntpdate
+
+# Clean up the package lists to reduce the image size
+RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/testing/docker/ci_test_device1/ntp_compliant/entrypoint.sh b/testing/docker/ci_test_device1/ntp_compliant/entrypoint.sh
@@ -0,0 +1,52 @@
+#!/bin/bash -x
+
+# Display network interfaces
+ip a
+
+# Set paths and servers
+NTP_SERVER=10.10.10.5
+INTF=eth0
+
+# DHCP
+ip addr flush dev $INTF
+PID_FILE=/var/run/dhclient.pid
+if [ -f $PID_FILE ]; then
+    kill -9 $(cat $PID_FILE) || true
+    rm -f $PID_FILE
+fi
+dhclient -v $INTF
+DHCP_TPID=$!
+echo $DHCP_TPID
+
+# NTP MODULE
+# NTP support (ntp.network.ntp_support)
+ntpdate -u -t 10 -q $NTP_SERVER
+
+# Check if the NTP request was successful
+if [ $? -eq 0 ]; then
+  echo "NTP request succeeded to $NTP_SERVER."
+else
+  echo "NTP request failed"
+fi
+
+# Obtain NTP server from DHCP and simulate NTP request (ntp.network.ntp_dhcp)
+dhclient -v -sf /usr/sbin/ntpdate eth0
+
+# Check if the DHCP server provided an NTP server and if the NTP request was successful
+if grep -q "ntp-servers" /var/lib/dhcp/dhclient.leases; then
+  grep "option ntp-servers" /var/lib/dhcp/dhclient.leases | awk '{print $3}' | while read ntp_server; do
+    echo "NTP request sent to DHCP-provided server: $ntp_server"
+    sudo ntpdate -q $NTP_SERVER
+    echo "NTP request sent to DHCP-provided server: $NTP_SERVER"
+    done
+else
+  echo "No NTP server provided by DHCP."
+fi
+
+# Keep network monitoring (can refactor later for other network modules)
+(while true; do arping 10.10.10.1; sleep 10; done) &
+(while true; do ip a | cat; sleep 10; done) &
+
+# Keep the script running
+tail -f /dev/null
+
diff --git a/testing/docker/ci_test_device1/ntp_non_compliant/Dockerfile b/testing/docker/ci_test_device1/ntp_non_compliant/Dockerfile
@@ -0,0 +1,19 @@
+
+FROM ubuntu@sha256:e6173d4dc55e76b87c4af8db8821b1feae4146dd47341e4d431118c7dd060a74
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Update the package list and upgrade the installed packages to their latest versions
+RUN apt-get update && apt-get -y upgrade
+
+# Install the necessary packages
+RUN apt-get update && apt-get install -y isc-dhcp-client netcat-openbsd arping
+
+# Clean up the package lists to reduce the image size
+RUN apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/testing/docker/ci_test_device1/ntp_non_compliant/entrypoint.sh b/testing/docker/ci_test_device1/ntp_non_compliant/entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -x
+
+# Display network interfaces
+ip a
+
+# Set paths and servers
+NTP_SERVER=10.10.10.5
+INTF=eth0
+
+# DHCP
+ip addr flush dev $INTF
+PID_FILE=/var/run/dhclient.pid
+if [ -f $PID_FILE ]; then
+    kill -9 $(cat $PID_FILE) || true
+    rm -f $PID_FILE
+fi
+dhclient -v $INTF
+DHCP_TPID=$!
+echo $DHCP_TPID
+
+# Keep network monitoring (can refactor later for other network modules)
+(while true; do arping 10.10.10.1; sleep 10; done) &
+(while true; do ip a | cat; sleep 10; done) &
+
+# Keep the script running
+tail -f /dev/null
+
diff --git a/testing/tests/test_tests b/testing/tests/test_tests
@@ -25,6 +25,8 @@ TEST_CONTAINERS=(
   dns_non_compliant
   services_compliant
   services_non_compliant
+  ntp_non_compliant
+  ntp_compliant
 )
 
 # Remove and recreate results directory

diff --git a/testing/tests/test_tests.json b/testing/tests/test_tests.json
@@ -59,6 +59,24 @@
             "security.services.snmpv3": "Non-Compliant",
             "security.services.tftp": "Non-Compliant"
         }
+    },
+
+    "ntp_compliant": {
+        "image": "testrun/ntp_compliant",
+        "ethmac": "02:42:aa:00:00:06",
+        "expected_results": {
+            "ntp.network.ntp_support": "Compliant",
+            "ntp.network.ntp_dhcp": "Compliant"
+        }
+    },
+
+    "ntp_non_compliant": {
+        "image": "testrun/ntp_non_compliant",
+        "ethmac": "02:42:aa:00:00:07",
+        "expected_results": {
+            "ntp.network.ntp_support": "Non-Compliant",
+            "ntp.network.ntp_dhcp": "Feature Not Detected"
+        }
     }
 
 }