From fcb2dc0e9ba2562b3dd88bde8095f27e6d973ee2 Mon Sep 17 00:00:00 2001 From: ts Date: Mon, 4 Feb 2019 16:52:31 +0000 Subject: [PATCH] Added NTP test. Refactored html match from parameterised_website into the superclass --- Gemfile | 1 + Gemfile.lock | 4 ++- lib/objects/post_provision_test.rb | 21 +++++++++++++-- .../secgen_test/parameterised_website.rb | 14 ---------- .../services/unix/ntp/ntp/secgen_test/ntp.rb | 27 +++++++++++++++++++ scenarios/tests/test_scenario.xml | 11 ++++---- secgen.rb | 2 +- 7 files changed, 56 insertions(+), 24 deletions(-) create mode 100644 modules/services/unix/ntp/ntp/secgen_test/ntp.rb diff --git a/Gemfile b/Gemfile index bc9ba0183..455954052 100644 --- a/Gemfile +++ b/Gemfile @@ -33,6 +33,7 @@ gem 'ruby-graphviz' gem 'rsa' gem 'gpgmeh' gem 'digest-sha3', :git => "http://github.com/izetex/digest-sha3-ruby" +gem 'net-ntp' #development only gems go here group :test, :development do diff --git a/Gemfile.lock b/Gemfile.lock index 214c26f37..265befd94 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -85,6 +85,7 @@ GEM minitest (5.11.3) multi_json (1.13.1) multipart-post (2.0.0) + net-ntp (2.1.3) nio4r (2.3.1) nokogiri (1.8.4) mini_portile2 (~> 2.3.0) @@ -159,6 +160,7 @@ DEPENDENCIES librarian-puppet mini_exiftool_vendored minitest + net-ntp nokogiri nori ovirt-engine-sdk @@ -182,4 +184,4 @@ DEPENDENCIES zipruby BUNDLED WITH - 1.16.1 + 2.0.0.pre.2 diff --git a/lib/objects/post_provision_test.rb b/lib/objects/post_provision_test.rb index ebcc7f63d..dea4e49d0 100644 --- a/lib/objects/post_provision_test.rb +++ b/lib/objects/post_provision_test.rb @@ -41,6 +41,7 @@ class PostProvisionTest # Testing Functions # ##################### + # Test service is up (tcp) def test_service_up if is_port_open? system_ip, self.port self.outputs << "PASSED: Port #{self.port} is open at #{get_system_ip} (#{get_system_name})!" 
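Review bot: `gem 'net-ntp'` in the Gemfile hunk has no version constraint, so only the Gemfile.lock entry (2.1.3) stops a later `bundle update` from pulling whatever release is current. A pessimistic constraint such as `gem 'net-ntp', '~> 2.1'` records the tested range for a gem that parses replies from the network. The same commit's Gemfile.lock also moves `BUNDLED WITH` from 1.16.1 to 2.0.0.pre.2, a pre-release Bundler that looks unrelated to the NTP test and may be better reverted or committed separately.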
@@ -49,6 +50,22 @@ class PostProvisionTest end end + # example usage for page: /index.html + def test_html_returned_content(page, match_string) + + begin + source = Net::HTTP.get(get_system_ip, page, self.port) + rescue SocketError + # do nothing + end + + if source.include? match_string + self.outputs << "PASSED: Content #{match_string} is contained within #{page} at #{get_system_ip}:#{self.port} (#{get_system_name})!" + else + self.outputs << "FAILED: Content #{match_string} is contained within #{page} at #{get_system_ip}:#{self.port} (#{get_system_name})!" + end + end + ################## # Misc Functions # ################## @@ -56,7 +73,7 @@ class PostProvisionTest def get_system_ip vagrant_file_path = "#{get_project_path}/Vagrantfile" vagrantfile = File.read(vagrant_file_path) - ip_line = vagrantfile.split("\n").delete_if { |line| !line.include? "# ip_address_for_#{get_system_name}"}[0] + ip_line = vagrantfile.split("\n").delete_if {|line| !line.include? "# ip_address_for_#{get_system_name}"}[0] ip_address = ip_line.split('=')[-1] if ip_address == "DHCP" self.outputs << "FAILED: Cannot test against dynamic IPs" # TODO: fix this so that we grab dynamic IP address (maybe from vagrant?) @@ -69,7 +86,7 @@ class PostProvisionTest def get_json_inputs json_inputs_path = "#{File.expand_path('../', self.module_path)}/secgen_functions/files/json_inputs/*" json_inputs_files = Dir.glob(json_inputs_path) - json_inputs_files.delete_if { |path| !path.include?(self.module_name) } + json_inputs_files.delete_if {|path| !path.include?(self.module_name)} if json_inputs_files.size > 0 return JSON.parse(Base64.strict_decode64(File.read(json_inputs_files.first))) end diff --git a/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb b/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb index f4512644d..79b0f68b4 100644 --- a/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb 
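Review bot: In `test_html_returned_content` the `rescue SocketError` branch leaves `source` as nil, so the following `source.include? match_string` raises NoMethodError instead of recording a failure. Refused connections and timeouts are not rescued at all. In both cases the script ends without a `FAILED:` line, and `post_provision_tests` in secgen.rb (last hunk of this commit) only scans output for `FAILED:`, so a crashed test may be read as a pass; this is inferred, since the caller is only partly visible. The else branch also prints "is contained" for the failure case, where it should read "is not contained". The sketch below records the fetch error and returns early.

```ruby
      source = Net::HTTP.get(get_system_ip, page, self.port)
    rescue SocketError, SystemCallError, Timeout::Error => e
      self.outputs << "FAILED: Unable to fetch #{page} at #{get_system_ip}:#{self.port} (#{get_system_name}): #{e.class}"
      return
    end

    # … unchanged: if source.include? match_string / PASSED output …
    else
      self.outputs << "FAILED: Content #{match_string} is not contained within #{page} at #{get_system_ip}:#{self.port} (#{get_system_name})!"
```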
+++ b/modules/services/unix/http/parameterised_website/secgen_test/parameterised_website.rb @@ -28,20 +28,6 @@ class ParamWebsiteTest < PostProvisionTest test_service_up end - def test_html_returned_content(page, match_string) - - begin - source = Net::HTTP.get(get_system_ip, page, self.port) - rescue SocketError - # do nothing - end - - if source.include? match_string - self.outputs << "PASSED: Content #{match_string} is contained within #{page} at #{get_system_ip}:#{self.port} (#{get_system_name})!" - else - self.outputs << "FAILED: Content #{match_string} is contained within #{page} at #{get_system_ip}:#{self.port} (#{get_system_name})!" - end - end end ParamWebsiteTest.new.run \ No newline at end of file diff --git a/modules/services/unix/ntp/ntp/secgen_test/ntp.rb b/modules/services/unix/ntp/ntp/secgen_test/ntp.rb new file mode 100644 index 000000000..75a2a8c74 --- /dev/null +++ b/modules/services/unix/ntp/ntp/secgen_test/ntp.rb @@ -0,0 +1,27 @@ +require_relative '../../../../../lib/post_provision_test' +require 'net/ntp' + +class NTPTest < PostProvisionTest + def initialize + self.module_name = 'ntp' + self.module_path = get_module_path(__FILE__) + super + self.port = 123 + end + + def test_module + super + test_ntp_query #TODO + end + + def test_ntp_query + begin + time_response = Net::NTP.get(system_ip, port).time + self.outputs << "PASSED: NTP responded on UDP port #{port} with #{time_response}" + rescue Errno::ECONNREFUSED + self.outputs << "FAILED: unable to connect to #{module_name} on UDP port #{port} " + end + end +end + +NTPTest.new.run \ No newline at end of file diff --git a/scenarios/tests/test_scenario.xml b/scenarios/tests/test_scenario.xml index 1f0c3a9bf..5d39e3819 100644 --- a/scenarios/tests/test_scenario.xml +++ b/scenarios/tests/test_scenario.xml 
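Review bot: `test_ntp_query` in the new ntp.rb rescues only `Errno::ECONNREFUSED`, but an NTP server that is down or filtered usually shows up over UDP as no reply at all. I would expect net-ntp to surface that as a timeout error, which would escape and end the script without a `FAILED:` line. Widening the clause to `rescue Errno::ECONNREFUSED, SocketError, Timeout::Error` keeps the failure in `outputs`. Separately, `test_module` calls `super` first; if the superclass implementation runs the TCP `test_service_up` check (not visible in this diff), it will report port 123 as closed for a healthy UDP-only service. The `#TODO` on the `test_ntp_query` call does not say what remains, so either state it or drop it.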
@@ -4,15 +4,14 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario"> - proftpd_testing - + testing + - - - + + - 172.16.0.17 + 172.16.0.13 diff --git a/secgen.rb b/secgen.rb index 9963ff87f..65f329939 100644 --- a/secgen.rb +++ b/secgen.rb @@ -354,7 +354,7 @@ def post_provision_tests(project_dir) end test_module_outputs.each do |output_lines| output_lines.each do |line| - if line.include? "FAILED:" + if line.include? "FAILED:" # todo: read exit code instead tests_passed = false Print.err line Print.err "Post provision tests contained failures!"