From 728863774e2c9a5a64dafab076427514f4af1719 Mon Sep 17 00:00:00 2001 From: Aliaksandr Nikitsin Date: Mon, 6 Oct 2025 11:31:15 +0200 Subject: [PATCH 1/3] convert details to the list of strings --- framework/python/src/common/testreport.py | 2 + framework/python/src/core/session.py | 7 ++- modules/test/tls/python/src/tls_module.py | 28 +++++----- modules/test/tls/python/src/tls_util.py | 62 +++++++++++++---------- 4 files changed, 58 insertions(+), 41 deletions(-) diff --git a/framework/python/src/common/testreport.py b/framework/python/src/common/testreport.py index af1563b84..503ef659d 100644 --- a/framework/python/src/common/testreport.py +++ b/framework/python/src/common/testreport.py @@ -139,6 +139,8 @@ def to_json(self): details = test.details if isinstance(details, str): details = list(filter(lambda s: s!='', details.split('\n'))) + if isinstance(details, list): + details = ' '.join(details) test_dict = { 'name': test.name, 'description': test.description, diff --git a/framework/python/src/core/session.py b/framework/python/src/core/session.py index 22da5145a..29ce8acb4 100644 --- a/framework/python/src/core/session.py +++ b/framework/python/src/core/session.py @@ -454,7 +454,12 @@ def add_test_result(self, result): test_result.description = result.description # Add details to test result - test_result.details = result.details + details = result.details + if isinstance(details, str): + details = list(filter(lambda s: s!='', details.split('\n'))) + if isinstance(details, list): + details = ' '.join(details) + test_result.details = details # Add recommendations if provided if result.recommendations is not None: diff --git a/modules/test/tls/python/src/tls_module.py b/modules/test/tls/python/src/tls_module.py index c6c9ca86c..cc71bac12 100644 --- a/modules/test/tls/python/src/tls_module.py +++ b/modules/test/tls/python/src/tls_module.py @@ -366,7 +366,7 @@ def _security_tls_v1_2_server(self): ports_valid = [] ports_invalid = [] result = None - details = '' + details = [] description = '' if self._device_ipv4_addr is not None: if self._scan_results is None: @@ -389,7 +389,7 @@ def _security_tls_v1_2_server(self): if port_results is not None: result = port_results[ 0] if result is None else result and port_results[0] - details += port_results[1] + details.extend(port_results[1]) if port_results[0]: ports_valid.append(port) else: @@ -397,7 +397,7 @@ def _security_tls_v1_2_server(self): elif 'HTTP' in service_type: # Any non-HTTPS service detetcted is automatically invalid ports_invalid.append(port) - details += f'\nHTTP service detected on port {port}' + details.append(f'HTTP service detected on port {port}.') result = False LOGGER.debug(f'Valid Ports: {ports_valid}') LOGGER.debug(f'Invalid Ports: {ports_invalid}') @@ -405,7 +405,7 @@ def _security_tls_v1_2_server(self): if result is None: result = 'Feature Not Detected' description = 'TLS 1.2 certificate could not be validated' - details = 'TLS 1.2 certificate could not be validated' + details.append('TLS 1.2 certificate could not be validated.') # If TLS 1.2 cert is not valid but TLS 1.3 is valid test is Compliant elif result and not tls_1_2_results[0] and tls_1_3_results[0]: ports_csv = ','.join(map(str,ports_valid)) @@ -421,7 +421,7 @@ def _security_tls_v1_2_server(self): else: LOGGER.error('Could not resolve device IP address. Skipping') description = 'Could not resolve device IP address' - details = 'Could not resolve device IP address' + details.append('Could not resolve device IP address.') return 'Error', description, details def _security_tls_v1_3_server(self): @@ -431,7 +431,7 @@ def _security_tls_v1_3_server(self): ports_valid = [] ports_invalid = [] result = None - details = '' + details = [] description = '' if self._device_ipv4_addr is not None: if self._scan_results is None: @@ -446,7 +446,7 @@ def _security_tls_v1_3_server(self): if port_results is not None: result = port_results[ 0] if result is None else result and port_results[0] - details += port_results[1] + details.extend(port_results[1]) if port_results[0]: ports_valid.append(port) else: @@ -454,7 +454,7 @@ def _security_tls_v1_3_server(self): elif 'HTTP' in service_type: # Any non-HTTPS service detetcted is automatically invalid ports_invalid.append(port) - details += f'\nHTTP service detected on port {port}' + details.append(f'HTTP service detected on port {port}.') result = False LOGGER.debug(f'Valid Ports: {ports_valid}') LOGGER.debug(f'Invalid Ports: {ports_invalid}') @@ -497,8 +497,12 @@ def _security_tls_v1_0_client(self): else: result_state = False result_message = 'TLS 1.0 or higher was not detected' - result_details = tls_1_0_valid[2] + tls_1_1_valid[2] + tls_1_2_valid[ - 2] + tls_1_3_valid[2] + result_details = [ + *tls_1_0_valid[2], + *tls_1_1_valid[2], + *tls_1_2_valid[2], + *tls_1_3_valid[2] + ] result_tags = list( set(tls_1_0_valid[3] + tls_1_1_valid[3] + tls_1_2_valid[3] + tls_1_3_valid[3])) @@ -531,11 +535,11 @@ def _validate_tls_client(self, # Generate results based on the state result_state = None result_message = '' - result_details = '' + result_details = [] result_tags = [] if client_results[0] is not None: - result_details = client_results[1] + result_details.append(client_results[1]) if client_results[0]: result_state = True result_message = f'TLS {tls_version} client connections valid' diff --git a/modules/test/tls/python/src/tls_util.py b/modules/test/tls/python/src/tls_util.py index 37d7decdb..6e8623b7e 100644 --- a/modules/test/tls/python/src/tls_util.py +++ b/modules/test/tls/python/src/tls_util.py @@ -381,40 +381,46 @@ def get_certificate(self, uri, timeout=10): LOGGER.error(f'Error fetching certificate from URI: {e}') return certificate - def process_tls_server_results(self, tls_1_2_results, tls_1_3_results, port): + def process_tls_server_results(self, + tls_1_2_results : list, + tls_1_3_results: list, + port: str) -> tuple[str| None, list]: results = '' + details = [] + positive_1_2 = '' if tls_1_2_results[0] else 'not ' + positive_1_3 = '' if tls_1_3_results[0] else 'not ' if tls_1_2_results[0] is None and tls_1_3_results[0] is not None: # Validate only TLS 1.3 results - description = (f"""TLS 1.3 {'' if tls_1_3_results[0] else 'not '}""" - f"""validated on port {port}: """ - f"""{tls_1_3_results[1]}""") - results = tls_1_3_results[0], description + msg = f'TLS 1.3 {positive_1_3} validated on port {port}:' + details.append(msg) + details.extend(tls_1_3_results[1]) + results = tls_1_3_results[0], details elif tls_1_3_results[0] is None and tls_1_2_results[0] is not None: # Vaidate only TLS 1.2 results - description = (f"""TLS 1.2 {'' if tls_1_2_results[0] else 'not '}""" - f"""validated on port {port}: """ - f"""{tls_1_2_results[1]}""") - results = tls_1_2_results[0], description + details.append(f'TLS 1.2 {positive_1_2} validated on port {port}:') + details.extend(tls_1_2_results[1]) + results = tls_1_2_results[0], details elif tls_1_2_results[0] is not None and tls_1_3_results[0] is not None: # Validate both results - description = (f"""TLS 1.2 {'' if tls_1_2_results[0] else 'not '}""" - f"""validated on port {port}: """ - f"""{tls_1_2_results[1]}""") - description += '\n' + ( - f"""TLS 1.3 {'' if tls_1_3_results[0] else 'not '}""" - f"""validated on port {port}: """ - f"""{tls_1_3_results[1]}""") - results = tls_1_2_results[0] or tls_1_3_results[0], description + details.append(f'TLS 1.2 {positive_1_2} validated on port {port}:') + details.extend(tls_1_2_results[1]) + details.append(f'TLS 1.3 {positive_1_3} validated on port {port}:') + details.extend(tls_1_3_results[1]) + results = tls_1_2_results[0] or tls_1_3_results[0], details else: - description = (f"""TLS 1.2 not validated on port {port}: """ - f"""{tls_1_2_results[1]}""") - description += '\n' + (f"""TLS 1.3 not validated on port {port}: """ - f"""{tls_1_3_results[1]}""") - results = None, description + details.append(f'TLS 1.2 not validated on port {port}:') + details.extend(tls_1_2_results[1]) + details.append(f'TLS 1.3 not validated on port {port}:') + details.extend(tls_1_3_results[1]) + results = None, details LOGGER.info('TLS server test results: ' + str(results)) return results - def validate_tls_server(self, host, tls_version, port=443): + def validate_tls_server(self, + host: str, + tls_version: str, + port: int=443 + ) -> tuple[bool| None, list| str]: cert_pem = self.get_public_certificate(host=host, port=port, validate_cert=False, @@ -446,9 +452,9 @@ def validate_tls_server(self, host, tls_version, port=443): # Check results cert_valid = tr_valid[0] and key_valid[0] and sig_valid[0] - test_details = tr_valid[1] + '\n' + key_valid[1] + '\n' + sig_valid[1] + details = [tr_valid[1],key_valid[1], sig_valid[1]] LOGGER.info('Certificate validated: ' + str(cert_valid)) - return cert_valid, test_details + return cert_valid, details else: LOGGER.info('Failed to resolve public certificate') return None, 'Failed to resolve public certificate' @@ -826,7 +832,7 @@ def validate_tls_client(self, f'\nAllowing non-TLS traffic to private subnet {ip}') elif ip not in tls_client_ips: tls_client_valid = False - tls_client_details += f'''\nNon-TLS connection detected to {ip}''' + tls_client_details += f'''Non-TLS connection detected to {ip}\n''' else: LOGGER.info(f'''TLS connection detected to {ip}. Ignoring non-TLS traffic detected to this IP''') @@ -838,8 +844,8 @@ def validate_tls_client(self, tls_client_valid = False for ip, tls_versions in unsupported_tls_ips.items(): for version in tls_versions: - tls_client_details += f'''\nUnsupported TLS {version} - connection detected to {ip}''' + tls_client_details += f'''Unsupported TLS {version} + connection detected to {ip}\n''' return tls_client_valid, tls_client_details def is_ecdh_and_ecdsa(self, ciphers): From 16b266a9164c25bd684a1dcda47a5f607ffe6050 Mon Sep 17 00:00:00 2001 From: Aliaksandr Nikitsin Date: Mon, 6 Oct 2025 19:45:31 +0200 Subject: [PATCH 2/3] unit tests --- modules/test/tls/python/src/tls_util.py | 40 ++++-- testing/unit/tls/tls_module_test.py | 183 +++++++++++++----------- 2 files changed, 130 insertions(+), 93 deletions(-) diff --git a/modules/test/tls/python/src/tls_util.py b/modules/test/tls/python/src/tls_util.py index 6e8623b7e..3ac2bdb3d 100644 --- a/modules/test/tls/python/src/tls_util.py +++ b/modules/test/tls/python/src/tls_util.py @@ -391,27 +391,45 @@ def process_tls_server_results(self, positive_1_3 = '' if tls_1_3_results[0] else 'not ' if tls_1_2_results[0] is None and tls_1_3_results[0] is not None: # Validate only TLS 1.3 results - msg = f'TLS 1.3 {positive_1_3} validated on port {port}:' + msg = f'TLS 1.3 {positive_1_3}validated on port {port}:' details.append(msg) - details.extend(tls_1_3_results[1]) + if isinstance(tls_1_3_results[1], list): + details.extend(tls_1_3_results[1]) + else: + details.append(tls_1_3_results[1]) results = tls_1_3_results[0], details elif tls_1_3_results[0] is None and tls_1_2_results[0] is not None: # Vaidate only TLS 1.2 results - details.append(f'TLS 1.2 {positive_1_2} validated on port {port}:') - details.extend(tls_1_2_results[1]) + details.append(f'TLS 1.2 {positive_1_2}validated on port {port}:') + if isinstance(tls_1_2_results[1], list): + details.extend(tls_1_2_results[1]) + else: + details.append(tls_1_2_results[1]) results = tls_1_2_results[0], details elif tls_1_2_results[0] is not None and tls_1_3_results[0] is not None: # Validate both results - details.append(f'TLS 1.2 {positive_1_2} validated on port {port}:') - details.extend(tls_1_2_results[1]) - details.append(f'TLS 1.3 {positive_1_3} validated on port {port}:') - details.extend(tls_1_3_results[1]) + details.append(f'TLS 1.2 {positive_1_2}validated on port {port}:') + if isinstance(tls_1_2_results[1], list): + details.extend(tls_1_2_results[1]) + else: + details.append(tls_1_2_results[1]) + details.append(f'TLS 1.3 {positive_1_3}validated on port {port}:') + if isinstance(tls_1_3_results[1], list): + details.extend(tls_1_3_results[1]) + else: + details.append(tls_1_3_results[1]) results = tls_1_2_results[0] or tls_1_3_results[0], details else: details.append(f'TLS 1.2 not validated on port {port}:') - details.extend(tls_1_2_results[1]) + if isinstance(tls_1_2_results[1], list): + details.extend(tls_1_2_results[1]) + else: + details.append(tls_1_2_results[1]) details.append(f'TLS 1.3 not validated on port {port}:') - details.extend(tls_1_3_results[1]) + if isinstance(tls_1_3_results[1], list): + details.extend(tls_1_3_results[1]) + else: + details.append(tls_1_3_results[1]) results = None, details LOGGER.info('TLS server test results: ' + str(results)) return results @@ -621,7 +639,7 @@ def process_hello_packets(self, 'Allowing protocol connection, cipher check failure ignored.') protocol_name = allowed_protocol_client_ips[packet['dst_ip']] packet['protocol_details'] = ( - f'\nAllowing {protocol_name} traffic to {packet["dst_ip"]}') + f'\nAllowing {protocol_name} traffic to {packet['dst_ip']}') client_hello_results['valid'].append(packet) else: # No cipher check for TLS 1.0, 1.1 or TLS 1.3 diff --git a/testing/unit/tls/tls_module_test.py b/testing/unit/tls/tls_module_test.py index cf4ee58c1..ee1b5c48b 100644 --- a/testing/unit/tls/tls_module_test.py +++ b/testing/unit/tls/tls_module_test.py @@ -80,7 +80,7 @@ def security_tls_v1_2_server_no_ip_test(self): self.assertEqual(result, 'Error') self.assertEqual(description, 'Could not resolve device IP address') - self.assertEqual(details, 'Could not resolve device IP address') + self.assertEqual(details, ['Could not resolve device IP address.']) def security_tls_v1_2_server_no_scan_results_test(self): """Tests _security_tls_v1_2_server when scan finds no HTTP/HTTPS ports""" @@ -92,7 +92,7 @@ def security_tls_v1_2_server_no_scan_results_test(self): self.assertEqual(result, 'Feature Not Detected') self.assertEqual(description, 'TLS 1.2 certificate could not be validated') - self.assertEqual(details, 'TLS 1.2 certificate could not be validated') + self.assertEqual(details, ['TLS 1.2 certificate could not be validated.']) def security_tls_v1_2_server_scan_failure_test(self): """Tests _security_tls_v1_2_server when scan fails""" @@ -103,7 +103,7 @@ def security_tls_v1_2_server_scan_failure_test(self): self.assertEqual(result, 'Feature Not Detected') self.assertEqual(description, 'TLS 1.2 certificate could not be validated') - self.assertEqual(details, 'TLS 1.2 certificate could not be validated') + self.assertEqual(details, ['TLS 1.2 certificate could not be validated.']) @patch('tls_module.TLSUtil.validate_tls_server') def security_tls_v1_2_server_no_tls_v1_3_test(self, mock_validate_tls_server): @@ -116,9 +116,14 @@ def security_tls_v1_2_server_no_tls_v1_3_test(self, mock_validate_tls_server): def validate_side_effect(**kwargs): tls_version = kwargs.get('tls_version') if tls_version == '1.2': - return (True, 'Time range valid\nPublic key valid\nSignature valid') + return (True, [ + 'Time range valid', + 'Public key valid', + 'Signature valid' + ] + ) elif tls_version == '1.3': - return (None, 'Failed to resolve public certificate') + return (None, ['Failed to resolve public certificate']) mock_validate_tls_server.side_effect = validate_side_effect result, description, details = self.tls_module._security_tls_v1_2_server() # pylint: disable=W0212 @@ -126,12 +131,12 @@ def validate_side_effect(**kwargs): self.assertEqual(result, True) self.assertEqual(description, 'TLS 1.2 certificate valid on ports: 443') - expected_details = ( - 'TLS 1.2 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' + expected_details = [ + 'TLS 1.2 validated on port 443:', + 'Time range valid', + 'Public key valid', 'Signature valid' - ) + ] self.assertEqual(details, expected_details) @patch('tls_module.TLSUtil.validate_tls_server') @@ -154,7 +159,7 @@ def validate_side_effect(**kwargs): self.assertEqual(result, 'Feature Not Detected') self.assertEqual(description, 'TLS 1.2 certificate could not be validated') - self.assertEqual(details, 'TLS 1.2 certificate could not be validated') + self.assertEqual(details, ['TLS 1.2 certificate could not be validated.']) @patch('tls_module.TLSUtil.validate_tls_server') def security_tls_v1_2_server_compliant_invalid_v1_2_cert_test(self, @@ -171,9 +176,12 @@ def security_tls_v1_2_server_compliant_invalid_v1_2_cert_test(self, def validate_side_effect(**kwargs): tls_version = kwargs.get('tls_version') if tls_version == '1.2': - return (False, 'Certificate has expired') + return (False, ['Certificate has expired']) elif tls_version == '1.3': - return (True, 'Time range valid\nPublic key valid\nSignature valid') + return (True, ['Time range valid', + 'Public key valid', + 'Signature valid'] + ) mock_validate_tls_server.side_effect = validate_side_effect result, description, details = self.tls_module._security_tls_v1_2_server() # pylint: disable=W0212 @@ -186,14 +194,14 @@ def validate_side_effect(**kwargs): ) self.assertEqual(description, expected_description ) - expected_details = ( - 'TLS 1.2 not validated on port 443: ' - 'Certificate has expired' - '\nTLS 1.3 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' + expected_details = [ + 'TLS 1.2 not validated on port 443:', + 'Certificate has expired', + 'TLS 1.3 validated on port 443:', + 'Time range valid', + 'Public key valid', 'Signature valid' - ) + ] self.assertEqual(details, expected_details) @patch('tls_module.TLSUtil.validate_tls_server') @@ -210,9 +218,9 @@ def security_tls_v1_2_server_non_compliant_invalid_1_2_and_1_3_cert_test(self, def validate_side_effect(**kwargs): tls_version = kwargs.get('tls_version') if tls_version == '1.2': - return (False, 'Certificate has expired') + return (False, ['Certificate has expired']) elif tls_version == '1.3': - return (False, 'Device certificate has not been signed') + return (False, ['Device certificate has not been signed']) mock_validate_tls_server.side_effect = validate_side_effect result, description, details = self.tls_module._security_tls_v1_2_server() # pylint: disable=W0212 @@ -221,12 +229,12 @@ def validate_side_effect(**kwargs): self.assertEqual(result, False) self.assertEqual(description, 'TLS 1.2 certificate invalid on ports: 443') - expected_details = ( - 'TLS 1.2 not validated on port 443: ' - 'Certificate has expired' - '\nTLS 1.3 not validated on port 443: ' + expected_details = [ + 'TLS 1.2 not validated on port 443:', + 'Certificate has expired', + 'TLS 1.3 not validated on port 443:', 'Device certificate has not been signed' - ) + ] self.assertEqual(details, expected_details) @patch('tls_module.TLSUtil.validate_tls_server') @@ -240,7 +248,12 @@ def security_tls_v1_2_server_v1_2_v1_3_test(self, mock_validate_tls_server): def validate_side_effect(**kwargs): tls_version = kwargs.get('tls_version') if tls_version in ['1.2', '1.3']: - return (True, 'Time range valid\nPublic key valid\nSignature valid') + return (True, [ + 'Time range valid', + 'Public key valid', + 'Signature valid' + ] + ) mock_validate_tls_server.side_effect = validate_side_effect result, description, details = self.tls_module._security_tls_v1_2_server() # pylint: disable=W0212 @@ -248,16 +261,16 @@ def validate_side_effect(**kwargs): self.assertEqual(result, True) self.assertEqual(description, 'TLS 1.2 certificate valid on ports: 443') - expected_details = ( - 'TLS 1.2 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - '\nTLS 1.3 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' + expected_details = [ + 'TLS 1.2 validated on port 443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + 'TLS 1.3 validated on port 443:', + 'Time range valid', + 'Public key valid', 'Signature valid' - ) + ] self.assertEqual(details, expected_details) @patch('tls_module.TLSUtil.validate_tls_server') @@ -272,7 +285,10 @@ def security_tls_v1_2_multiple_https_servers_test(self, def validate_side_effect(**kwargs): tls_version = kwargs.get('tls_version') if tls_version in ['1.2', '1.3']: - return (True, 'Time range valid\nPublic key valid\nSignature valid') + return (True, ['Time range valid', + 'Public key valid', + 'Signature valid'] + ) mock_validate_tls_server.side_effect = validate_side_effect result, description, details = self.tls_module._security_tls_v1_2_server() # pylint: disable=W0212 @@ -282,24 +298,24 @@ def validate_side_effect(**kwargs): expected_description = 'TLS 1.2 certificate valid on ports: 443,8443' self.assertEqual(description, expected_description) - expected_details = ( - 'TLS 1.2 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - '\nTLS 1.3 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - 'TLS 1.2 validated on port 8443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - '\nTLS 1.3 validated on port 8443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - ) + expected_details = [ + 'TLS 1.2 validated on port 443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + 'TLS 1.3 validated on port 443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + 'TLS 1.2 validated on port 8443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + 'TLS 1.3 validated on port 8443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + ] self.assertEqual(details, expected_details) @patch('tls_module.TLSUtil.validate_tls_server') @@ -313,7 +329,10 @@ def security_tls_v1_2_server_http_test(self, mock_validate_tls_server): def validate_side_effect(**kwargs): tls_version = kwargs.get('tls_version') if tls_version in ['1.2', '1.3']: - return (True, 'Time range valid\nPublic key valid\nSignature valid') + return (True, ['Time range valid', + 'Public key valid', + 'Signature valid'] + ) mock_validate_tls_server.side_effect = validate_side_effect result, description, details = self.tls_module._security_tls_v1_2_server() # pylint: disable=W0212 @@ -321,17 +340,17 @@ def validate_side_effect(**kwargs): self.assertEqual(result, False) self.assertEqual(description, 'TLS 1.2 certificate invalid on ports: 80') - expected_details = ( - 'TLS 1.2 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - '\nTLS 1.3 validated on port 443: ' - 'Time range valid\n' - 'Public key valid\n' - 'Signature valid' - '\nHTTP service detected on port 80' - ) + expected_details = [ + 'TLS 1.2 validated on port 443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + 'TLS 1.3 validated on port 443:', + 'Time range valid', + 'Public key valid', + 'Signature valid', + 'HTTP service detected on port 80.' + ] self.assertEqual(details, expected_details) # Test 1.2 server when only 1.2 connection is established @@ -390,22 +409,22 @@ def security_tls_server_results_test(self): # Both None tls_1_2_results = None, none_message tls_1_3_results = None, none_message - expected = None, (f'TLS 1.2 not validated on port 443: {none_message}\n' - f'TLS 1.3 not validated on port 443: {none_message}') + expected = None, ['TLS 1.2 not validated on port 443:', none_message, + 'TLS 1.3 not validated on port 443:', none_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) # TLS 1.2 Pass and TLS 1.3 None tls_1_2_results = True, success_message - expected = True, f'TLS 1.2 validated on port 443: {success_message}' + expected = True, ['TLS 1.2 validated on port 443:', success_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) # TLS 1.2 Fail and TLS 1.3 None tls_1_2_results = False, fail_message - expected = False, f'TLS 1.2 not validated on port 443: {fail_message}' + expected = False, ['TLS 1.2 not validated on port 443:', fail_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) @@ -413,14 +432,14 @@ def security_tls_server_results_test(self): # TLS 1.3 Pass and TLS 1.2 None tls_1_2_results = None, fail_message tls_1_3_results = True, success_message - expected = True, f'TLS 1.3 validated on port 443: {success_message}' + expected = True, ['TLS 1.3 validated on port 443:', success_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) # TLS 1.3 Fail and TLS 1.2 None tls_1_3_results = False, fail_message - expected = False, f'TLS 1.3 not validated on port 443: {fail_message}' + expected = False, ['TLS 1.3 not validated on port 443:', fail_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) @@ -428,8 +447,8 @@ def security_tls_server_results_test(self): # TLS 1.2 Pass and TLS 1.3 Pass tls_1_2_results = True, success_message tls_1_3_results = True, success_message - expected = True, (f'TLS 1.2 validated on port 443: {success_message}\n' - f'TLS 1.3 validated on port 443: {success_message}') + expected = True, ['TLS 1.2 validated on port 443:', success_message, + 'TLS 1.3 validated on port 443:', success_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) @@ -438,8 +457,8 @@ def security_tls_server_results_test(self): # TLS 1.2 Pass and TLS 1.3 Fail tls_1_2_results = True, success_message tls_1_3_results = False, fail_message - expected = True, (f'TLS 1.2 validated on port 443: {success_message}\n' - f'TLS 1.3 not validated on port 443: {fail_message}') + expected = True, ['TLS 1.2 validated on port 443:', success_message, + 'TLS 1.3 not validated on port 443:', fail_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) @@ -447,16 +466,16 @@ def security_tls_server_results_test(self): # TLS 1.2 Fail and TLS 1.2 Pass tls_1_2_results = False, fail_message tls_1_3_results = True, success_message - expected = True, (f'TLS 1.2 not validated on port 443: {fail_message}\n' - f'TLS 1.3 validated on port 443: {success_message}') + expected = True, ['TLS 1.2 not validated on port 443:', fail_message, + 'TLS 1.3 validated on port 443:', success_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) # TLS 1.2 Fail and TLS 1.2 Fail tls_1_3_results = False, fail_message - expected = False, (f'TLS 1.2 not validated on port 443: {fail_message}\n' - f'TLS 1.3 not validated on port 443: {fail_message}') + expected = False, ['TLS 1.2 not validated on port 443:', fail_message, + 'TLS 1.3 not validated on port 443:', fail_message] result = TLS_UTIL.process_tls_server_results(tls_1_2_results, tls_1_3_results,port=443) self.assertEqual(result, expected) From 53b7d2df4d8c2f7fd99a64bb4e8e4b7532aeaf46 Mon Sep 17 00:00:00 2001 From: Aliaksandr Nikitsin Date: Tue, 7 Oct 2025 11:58:55 +0200 Subject: [PATCH 3/3] pylint --- modules/test/tls/python/src/tls_util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/test/tls/python/src/tls_util.py b/modules/test/tls/python/src/tls_util.py index 3ac2bdb3d..f8346f523 100644 --- a/modules/test/tls/python/src/tls_util.py +++ b/modules/test/tls/python/src/tls_util.py @@ -639,7 +639,7 @@ def process_hello_packets(self, 'Allowing protocol connection, cipher check failure ignored.') protocol_name = allowed_protocol_client_ips[packet['dst_ip']] packet['protocol_details'] = ( - f'\nAllowing {protocol_name} traffic to {packet['dst_ip']}') + f'\nAllowing {protocol_name} traffic to {packet["dst_ip"]}') # pylint: disable=W1405 client_hello_results['valid'].append(packet) else: # No cipher check for TLS 1.0, 1.1 or TLS 1.3