Skip to content
Closed
4 changes: 2 additions & 2 deletions modules/test/base/base.Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

# Builder stage
# Image name: testrun/base-test
FROM python:3.10-slim AS builder
FROM python:3.13-slim AS builder

ARG MODULE_NAME=base
ARG MODULE_DIR=modules/test/$MODULE_NAME
Expand Down Expand Up @@ -65,7 +65,7 @@ COPY $MODULE_DIR/usr/local/etc/oui.txt /usr/local/etc/oui.txt
RUN wget https://standards-oui.ieee.org/oui.txt -O /usr/local/etc/oui.txt || echo "Unable to update the MAC OUI database"

# Operational stage
FROM python:3.10-slim
FROM python:3.13-slim

# Install common software
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -yq net-tools iputils-ping tzdata tcpdump iproute2 jq dos2unix nmap wget procps --fix-missing
Expand Down
8 changes: 4 additions & 4 deletions modules/test/conn/python/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
# Package dependencies should always be defined before the user defined
# packages to prevent auto-upgrades of stable dependencies
cffi==2.0.0
cryptography==46.0.6
pycparser==2.22
six==1.16.0
cryptography==48.0.1
pycparser==3.0
six==1.17.0

# User defined packages
pyOpenSSL==25.3.0
pyOpenSSL==26.2.0
scapy==2.7.0
python-dateutil==2.9.0.post0
2 changes: 1 addition & 1 deletion modules/test/ntp/python/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@
# User defined packages
scapy==2.7.0
pyshark==0.6
aiohttp==3.13.5
aiohttp==3.14.1
ntplib==0.4.0
4 changes: 2 additions & 2 deletions modules/test/protocol/python/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Dependencies to user defined packages
# Package dependencies should always be defined before the user defined
# packages to prevent auto-upgrades of stable dependencies
bacpypes3==0.0.104
bacpypes3==0.0.106
colorama==0.4.6

# User defined packages
Expand All @@ -11,4 +11,4 @@ BAC0==2025.9.15
pytz==2024.2

# Required for Modbus protocol tests
pymodbus==3.7.4
pymodbus==3.13.0
22 changes: 13 additions & 9 deletions modules/test/protocol/python/src/protocol_modbus.py
Original file line number Diff line number Diff line change
Expand Up @@ -129,8 +129,8 @@ def read_holding_registers(self,
LOGGER.info(f'Reading holding registers: {address}:{count}')
try:
response = self.client.read_holding_registers(address,
count,
slave=device_id)
count=count,
device_id=device_id)
if response.isError():
LOGGER.error(f'Failed to read holding registers: {address}:{count}')
LOGGER.error('Read Response: ' + str(response))
Expand All @@ -149,9 +149,9 @@ def read_input_registers(self,
registers = None
LOGGER.info(f'Reading input registers: {address}:{count}')
try:
response = self.client.read_input_registers(address,
count,
slave=device_id)
response = self.client.read_input_registers(address=address,
count=count,
device_id=device_id)
if response.isError():
LOGGER.error(f'Failed to read input registers: {address}:{count}')
LOGGER.error('Read Response: ' + str(response))
Expand All @@ -170,7 +170,11 @@ def read_coils(self,
coils = None
LOGGER.info(f'Reading coil registers: {address}:{count}')
try:
response = self.client.read_coils(address, count, slave=device_id)
response = self.client.read_coils(
address=address,
count=count,
device_id=device_id
)
if response.isError():
LOGGER.error(f'Failed to read coil registers: {address}:{count}')
LOGGER.error('Read Response: ' + str(response))
Expand All @@ -189,9 +193,9 @@ def read_discrete_inputs(self,
inputs = None
LOGGER.info(f'Reading discrete inputs: {address}:{count}')
try:
response = self.client.read_discrete_inputs(address,
count,
slave=device_id)
response = self.client.read_discrete_inputs(address=address,
count=count,
device_id=device_id)
if response.isError():
LOGGER.error(f'Failed to read discrete inputs: {address}:{count}')
LOGGER.error('Read Response: ' + str(response))
Expand Down
2 changes: 1 addition & 1 deletion modules/test/services/python/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@
# packages to prevent auto-upgrades of stable dependencies

# User defined packages
xmltodict==0.14.2
xmltodict==1.0.4
22 changes: 11 additions & 11 deletions modules/test/tls/python/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,20 +2,20 @@
# Package dependencies should always be defined before the user defined
# packages to prevent auto-upgrades of stable dependencies
appdirs==1.4.4
certifi==2024.8.30
certifi==2026.5.20
cffi==2.0.0
charset-normalizer==3.3.2
idna==3.8
packaging==24.1
pycparser==2.22
charset-normalizer==3.4.7
idna==3.18
packaging==26.2
pycparser==3.0
pyshark==0.6
termcolor==2.4.0
urllib3==2.6.3
termcolor==3.3.0
urllib3==2.7.0

# User defined packages
cryptography==46.0.6
pyOpenSSL==25.3.0
lxml==5.1.0 # Requirement of pyshark but if upgraded automatically above 5.1 will cause a
requests==2.33.0
cryptography==48.0.1
pyOpenSSL==26.2.0
lxml==6.1.1
requests==2.34.2
python-nmap==0.7.1

73 changes: 40 additions & 33 deletions test_vm/create_certificate.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,35 +6,42 @@ if [ -z "$1" ]; then
exit 1
fi

if [ "$EUID" -eq 0 ]; then
echo "Please run this script as a normal user, not with sudo."
echo "The script uses Vagrant SSH and only escalates the necessary host operations when required."
exit 1
fi

# Save the initial working directory
WORKDIR="$(pwd)"

# Check and install sshpass if not present
if ! command -v sshpass &> /dev/null; then
echo "sshpass not found. Installing..."
if [ -x "$(command -v apt)" ]; then
sudo apt update
sudo apt install -y sshpass
elif [ -x "$(command -v yum)" ]; then
sudo yum install -y epel-release
sudo yum install -y sshpass
elif [ -x "$(command -v brew)" ]; then
brew install hudochenkov/sshpass/sshpass
else
echo "Please install sshpass manually."
exit 1
fi
if ! command -v vagrant >/dev/null 2>&1; then
echo "Error: vagrant command not found. Please install Vagrant and run this script from the test_vm folder."
exit 1
fi

VM_USER=vagrant
VM_PASS=vagrant
VM_IP="$1"
CA_DIR=~/myCA

SSHPASS="sshpass -p $VM_PASS"
SSH_CONFIG_FILE="$(mktemp)"
trap 'rm -f "$SSH_CONFIG_FILE"' EXIT

if ! vagrant ssh-config > "$SSH_CONFIG_FILE" 2>/dev/null; then
echo "Error: failed to generate Vagrant SSH config. Run this script in a valid Vagrant VM directory."
exit 1
fi

SSH_HOST="$(grep -E '^Host ' "$SSH_CONFIG_FILE" | awk '{print $2}' | head -n1)"
if [ -z "$SSH_HOST" ]; then
echo "Error: could not determine Vagrant SSH host from ssh-config."
exit 1
fi

SSH_CMD=(ssh -F "$SSH_CONFIG_FILE" -o StrictHostKeyChecking=no)
SCP_CMD=(scp -F "$SSH_CONFIG_FILE" -o StrictHostKeyChecking=no)

# 1. Generate key and CSR on VM via ssh
$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "cat > /home/vagrant/openssl_ip.cnf" <<EOF
# 1. Generate key and CSR on VM via Vagrant SSH
"${SSH_CMD[@]}" "$SSH_HOST" "cat > /home/vagrant/openssl_ip.cnf" <<EOF
[ req ]
default_bits = 2048
prompt = no
Expand All @@ -54,11 +61,11 @@ subjectAltName = @alt_names
IP.1 = ${VM_IP}
EOF

$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "openssl req -new -nodes -out /home/vagrant/nginx_ip.csr -newkey rsa:2048 -keyout /home/vagrant/nginx_ip.key -config /home/vagrant/openssl_ip.cnf"
"${SSH_CMD[@]}" "$SSH_HOST" "openssl req -new -nodes -out /home/vagrant/nginx_ip.csr -newkey rsa:2048 -keyout /home/vagrant/nginx_ip.key -config /home/vagrant/openssl_ip.cnf"

# 2. Copy CSR and config from VM to host (current directory)
$SSHPASS scp -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP}:/home/vagrant/nginx_ip.csr "$WORKDIR/"
$SSHPASS scp -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP}:/home/vagrant/openssl_ip.cnf "$WORKDIR/"
"${SCP_CMD[@]}" "$SSH_HOST":/home/vagrant/nginx_ip.csr "$WORKDIR/"
"${SCP_CMD[@]}" "$SSH_HOST":/home/vagrant/openssl_ip.cnf "$WORKDIR/"

CSR_PATH="$WORKDIR/nginx_ip.csr"
CONF_PATH="$WORKDIR/openssl_ip.cnf"
Expand All @@ -77,20 +84,20 @@ fi
openssl x509 -req -in "$CSR_PATH" -CA myorgca.pem -CAkey myorgca.key -CAcreateserial -out nginx_ip.crt -days 365 -sha256 -extfile "$CONF_PATH" -extensions req_ext

# 5. Copy certificate and CA back to VM
$SSHPASS scp -o StrictHostKeyChecking=no nginx_ip.crt ${VM_USER}@${VM_IP}:/home/vagrant/
$SSHPASS scp -o StrictHostKeyChecking=no myorgca.pem ${VM_USER}@${VM_IP}:/home/vagrant/
"${SCP_CMD[@]}" nginx_ip.crt "$SSH_HOST":/home/vagrant/
"${SCP_CMD[@]}" myorgca.pem "$SSH_HOST":/home/vagrant/

# 6. Copy myorgca.pem to initial working directory on host (if not already there)
if [ "$WORKDIR" != "$CA_DIR" ]; then
cp "$CA_DIR/myorgca.pem" "$WORKDIR/myorgca.pem"
fi

# 7. Move certificates and configure nginx for SSL on VM
$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo mv /home/vagrant/nginx_ip.crt /etc/ssl/certs/nginx_ip.crt"
$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo mv /home/vagrant/nginx_ip.key /etc/ssl/private/nginx_ip.key"
$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo mv /home/vagrant/myorgca.pem /etc/ssl/certs/myorgca.pem"
"${SSH_CMD[@]}" "$SSH_HOST" "sudo mv /home/vagrant/nginx_ip.crt /etc/ssl/certs/nginx_ip.crt"
"${SSH_CMD[@]}" "$SSH_HOST" "sudo mv /home/vagrant/nginx_ip.key /etc/ssl/private/nginx_ip.key"
"${SSH_CMD[@]}" "$SSH_HOST" "sudo mv /home/vagrant/myorgca.pem /etc/ssl/certs/myorgca.pem"

$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo bash -c 'cat > /etc/nginx/sites-available/default <<EOF
"${SSH_CMD[@]}" "$SSH_HOST" "sudo bash -c 'cat > /etc/nginx/sites-available/default <<EOF
server {
listen 443 ssl;
server_name ${VM_IP};
Expand All @@ -107,8 +114,8 @@ server {
EOF
'"

$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo nginx -t"
$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo systemctl restart nginx"
"${SSH_CMD[@]}" "$SSH_HOST" "sudo nginx -t"
"${SSH_CMD[@]}" "$SSH_HOST" "sudo systemctl restart nginx"

echo "SSL certificate installed and nginx restarted on ${VM_IP}"
if [ "$WORKDIR" != "$CA_DIR" ]; then
Expand All @@ -120,8 +127,8 @@ fi
# 8. Copy nginx_ip.crt from VM to certs subdirectory in initial working directory
CERTS_DIR="$WORKDIR/certs"
mkdir -p "$CERTS_DIR"
$SSHPASS scp -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP}:/etc/ssl/certs/myorgca.pem "$CERTS_DIR/myorgca.pem"
echo "nginx_ip.crt copied from VM to $CERTS_DIR/nginx_ip.crt"
"${SCP_CMD[@]}" "$SSH_HOST":/etc/ssl/certs/myorgca.pem "$CERTS_DIR/myorgca.pem"
echo "myorgca.pem copied from VM to $CERTS_DIR/myorgca.pem"

# 9. Add myorgca.pem to trusted store on the client (Ubuntu/Debian)
if [ -f "$CERTS_DIR/myorgca.pem" ]; then
Expand Down