From 8089da4cc5737137ff43cd9cad2e50e8069cc03e Mon Sep 17 00:00:00 2001 From: Julien Perrochet Date: Thu, 7 Sep 2023 17:21:18 +0200 Subject: [PATCH] NET0220 --- .../astm/netrid/common/aggregate_checks.py | 29 +++++++++++++++++++ .../astm/netrid/v19/aggregate_checks.md | 8 +++++ .../astm/netrid/v22a/aggregate_checks.md | 8 +++++ 3 files changed, 45 insertions(+) diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py index a9bbc945d3..5d4823e45c 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py @@ -103,8 +103,37 @@ def run(self): self.end_test_step() self.end_test_case() + self.begin_test_case("Verify https is in use") + self.begin_test_step("Verify https is in use") + + self._verify_https_everywhere() + + self.end_test_step() + self.end_test_case() + self.end_test_scenario() + def _verify_https_everywhere(self): + + # TODO check if this is the correct way to do things: + # Ie, if we want to define this as a capability and not a failing check if there is no https, + # is it enough to declare a check only if everything went well? + # alternatively, a failure with a severity of LOW might work too? + + found_cleartext_query = False + for query in self._queries: + if query.request.url.startswith("http://"): + found_cleartext_query = True + self.record_note( + "https", f"query is not https: {query.request.url}" + ) + + if not found_cleartext_query: + self.check( + "All interactions happen over https", + self._queries_by_participant.keys(), + ) + def _sp_flights_area_times_step(self): for participant, all_queries in self._queries_by_participant.items(): # identify successful flights queries diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/aggregate_checks.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/aggregate_checks.md index 8dcbdfead6..6d9bef2035 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/aggregate_checks.md +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/aggregate_checks.md @@ -42,3 +42,11 @@ of the durations for the subsequent display data queries do not exceed the respe **[astm.f3411.v19.NET0260-a](../../../../requirements/astm/f3411/v19.md)** requires that the 95th and 99th percentiles of the durations for the replies to requested flights in an area do not exceed the respective thresholds `NetSpDataResponseTime95thPercentile` (1 second) and `NetSpDataResponseTime99thPercentile` (3 seconds). + +## Verify https is in use test case + +### Verify https is in use test step + +#### All interactions happen over https check + +If non-encrypted interactions such as plaintext queries over http are allowed, **[astm.f3411.v19.NET0220](../../../../requirements/astm/f3411/v19.md)** is not satisfied. diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/aggregate_checks.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/aggregate_checks.md index 17760ea7eb..bc330aa7da 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/aggregate_checks.md +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/aggregate_checks.md @@ -43,3 +43,11 @@ of the durations for the subsequent display data queries do not exceed the respe **[astm.f3411.v22a.NET0260-a](../../../../requirements/astm/f3411/v22a.md)** requires that the 95th and 99th percentiles of the durations for the replies to requested flights in an area do not exceed the respective thresholds `NetSpDataResponseTime95thPercentile` (1 second) and `NetSpDataResponseTime99thPercentile` (3 seconds). + +## Verify https is in use test case + +### Verify https is in use test step + +#### All interactions happen over https check + +If non-encrypted interactions such as plaintext queries over http are allowed, **[astm.f3411.v19.NET0220](../../../../requirements/astm/f3411/v19.md)** is not satisfied.