View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009580Compliance Test Tool (CTT) Unified Architecture1 - Script Issuepublic2024-06-10 12:502024-07-18 11:05
ReporterUwe Stadelmann Assigned ToSebastian Allmendinger  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version1.04.11-01.00.506 
Summary0009580: ObjectTypesValidation.js ignores Bad_SecurityModeInsufficient
Description

The problem occurs several times. One example is testing of the nodeid i=12545.

The reading failed with status code Bad_SecurityModeInsufficient.

The CTT is configures to connect with security mode none.
In this case the value of the nodeid i=12545 can not be read.

From the debugger: Ignoring Value with not good StatusCode: Read.Response.Results[0] received 'BadSecurityModeInsufficient (0x80e60000), but Expected: Good (0x00000000) or BadNotReadable (0x803a0000) or BadUserAccessDenied (0x801f0000).

The test fails with
"OutputArguments should be of type Array"
" Expected <1> but got <0>"

Bad_SecurityModeInsufficient should be expected, too.

Steps To Reproduce

Configure CTT Server Test -> Secure Channel with MessageSecurityMode = None and RequestedSecurityPolicyUri = None.
Use a user which is securityAdmin.
Run test case Base Info Type System -> ObjectTypesValidation.js

TagsNo tags attached.
Files Affected

/library/Information/InfoFactory.js

Activities

Paul Hunkar

2024-07-04 15:26

administrator   ~0021416

The CTT should be updated to run these test using a secure endpoint (not none)

Frank Fischer

2024-07-05 07:51

reporter   ~0021421

The CTT should nevertheless be able to run this test successfully on servers that only have a none endpoint

Sebastian Allmendinger

2024-07-18 11:04

developer   ~0021481

The test scripts in the Conformance Group Base Information TypeSystem validate general expectations/rules for TypeDefinitions and Instances of these Types.

Because they are not intended to validate the actual values (or any access rights), there is already a suppression of any bad status when reading the values of attributes implemented.
But in some cases, an evaluation of the StatusCode was missing and the test script continued with the validation even if the value is not available.
This happened for example for the InputArguments of methods. In the case of the reporters server, the CTT received a bad result when reading the InputArguments of a security related method and then validated a not existing value against the expectation that it must be an array. This - of course - failed.

The test scripts have been updated to skip the validation if it receives a bad result.

The CTT uses the Default SecureChannel and Authentification that can be configured in the settings of the CTT for these tests. It is recommended and also part of the certification tests to run the CTT against secure and insecure endpoints as default.

Issue History

Date Modified Username Field Change
2024-06-10 12:50 Uwe Stadelmann New Issue
2024-07-04 15:26 Paul Hunkar Note Added: 0021416
2024-07-04 15:28 Paul Hunkar Assigned To => Alexander Allmendinger
2024-07-04 15:28 Paul Hunkar Status new => assigned
2024-07-05 07:51 Frank Fischer Note Added: 0021421
2024-07-18 11:04 Sebastian Allmendinger Note Added: 0021481
2024-07-18 11:05 Sebastian Allmendinger Files Affected => /library/Information/InfoFactory.js
2024-07-18 11:05 Sebastian Allmendinger Assigned To Alexander Allmendinger => Sebastian Allmendinger
2024-07-18 11:05 Sebastian Allmendinger Status assigned => resolved
2024-07-18 11:05 Sebastian Allmendinger Resolution open => fixed