From 135e1b39682567bf1ed8150d6ae3e35c4c0cce32 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Thu, 30 Apr 2026 15:24:12 -0700 Subject: [PATCH 1/9] RDKB-64489: [Field][DA]: Observed CujoAgent triggering firewall restart continously in 8.3p8s1 Reason for change: Bridgemode event is triggering a firewall restart, added fix to restart firewall only if the bridemode event value is different. Test Procedure: set bridgemode to same value multiple times advsec shouldn't restart firewall. Risks: Low Signed-off-by: arunkumar_nagulapally@comcast.com --- .../cosa_adv_security_internal.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c index f722552..b65ba35 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.c +++ b/source/AdvSecurityDml/cosa_adv_security_internal.c @@ -2339,6 +2339,7 @@ void advsec_handle_sysevent_notification(char *event, char *val) int ret = 0; errno_t rc = -1; int ind = -1; + static char prevBridgeMode[8] = {0}; if(!event || !val) return; @@ -2349,6 +2350,23 @@ void advsec_handle_sysevent_notification(char *event, char *val) { if(type == SYSEVENT_BRIDGE_MODE_EVENT) { + if((val[0] == '\0') || (val[1] != '\0')) + { + CcspTraceWarning(("CcspAdvSecurity: Invalid bridge mode value '%s'\n", val)); + return; + } + + rc = strcmp_s(val, sizeof(prevBridgeMode), prevBridgeMode, &ind); + ERR_CHK(rc); + if((rc == EOK) && (ind == 0)) + { + CcspTraceInfo(("CcspAdvSecurity: Bridge mode unchanged, no action needed %s\n", val)); + return; + } + + rc = strcpy_s(prevBridgeMode, sizeof(prevBridgeMode), val); + ERR_CHK(rc); + if((val[0] == '0') && (val[1] == '\0')) { CcspTraceWarning(("CcspAdvSecurity: Received Bridge Mode Off\n")); From f07caa01c9e84d1ecbed2d5a0cf8f63d1d3503d6 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Mon, 4 May 2026 10:25:04 -0700 Subject: [PATCH 2/9] added unit test and addressed review comments --- .../cosa_adv_security_internal.c | 14 +++- .../CcspAdvSecurityInternalTest.cpp | 72 +++++++++++++++++++ 2 files changed, 84 insertions(+), 2 deletions(-) diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c index b65ba35..41f9048 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.c +++ b/source/AdvSecurityDml/cosa_adv_security_internal.c @@ -2339,7 +2339,7 @@ void advsec_handle_sysevent_notification(char *event, char *val) int ret = 0; errno_t rc = -1; int ind = -1; - static char prevBridgeMode[8] = {0}; + static char prevBridgeMode[2] = {0}; if(!event || !val) return; @@ -2356,7 +2356,17 @@ void advsec_handle_sysevent_notification(char *event, char *val) return; } - rc = strcmp_s(val, sizeof(prevBridgeMode), prevBridgeMode, &ind); +#ifndef _XF3_PRODUCT_REQ_ + if((val[0] != '0') && (val[0] != '2')) +#else + if((val[0] != '0') && (val[0] != '3')) +#endif + { + CcspTraceWarning(("CcspAdvSecurity: Unsupported bridge mode value '%s'\n", val)); + return; + } + + rc = strcmp_s(prevBridgeMode, sizeof(prevBridgeMode), val, &ind); ERR_CHK(rc); if((rc == EOK) && (ind == 0)) { diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index 0f3b8e2..cfc9b65 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -2030,3 +2030,75 @@ TEST_F(CcspAdvSecurityInternalTestFixture, CosaAdvSecAgentRaptrDeInit) free(g_pAdvSecAgent->pRaptr_RFC); free(g_pAdvSecAgent); } + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_InvalidBridgeModeValue) +{ + char event[] = ADVSEC_SYSEVENT_BRIDGE_MODE_EVENT; + char invalidValue[] = "00"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) + .Times(1) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(0); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) + .Times(0); + + advsec_handle_sysevent_notification(event, invalidValue); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_UnsupportedBridgeModeValue) +{ + char event[] = ADVSEC_SYSEVENT_BRIDGE_MODE_EVENT; + char unsupportedValue[] = "1"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) + .Times(1) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(0); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) + .Times(0); + + advsec_handle_sysevent_notification(event, unsupportedValue); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) +{ + char event[] = ADVSEC_SYSEVENT_BRIDGE_MODE_EVENT; + char bridgeModeOff[] = "0"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) + .Times(4) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(1) + .WillOnce(Return(0)); + + advsec_handle_sysevent_notification(event, bridgeModeOff); + advsec_handle_sysevent_notification(event, bridgeModeOff); +} From 298d03ab7f51c2214bddb3db1c0d19cb53e34577 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Mon, 4 May 2026 10:39:56 -0700 Subject: [PATCH 3/9] UT fix --- .../CcspAdvSecurityInternalTest.cpp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index cfc9b65..efc4942 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -18,6 +18,10 @@ #include "CcspAdvSecurityMock.h" +extern "C" void advsec_handle_sysevent_notification(char *event, char *val); + +static char BRIDGE_MODE_EVENT_NAME[] = "bridge_mode"; + class CcspAdvSecurityInternalTestFixture : public ::testing::Test { protected: void SetUp() override { @@ -2033,7 +2037,6 @@ TEST_F(CcspAdvSecurityInternalTestFixture, CosaAdvSecAgentRaptrDeInit) TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_InvalidBridgeModeValue) { - char event[] = ADVSEC_SYSEVENT_BRIDGE_MODE_EVENT; char invalidValue[] = "00"; EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) @@ -2047,12 +2050,11 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_I EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) .Times(0); - advsec_handle_sysevent_notification(event, invalidValue); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, invalidValue); } TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_UnsupportedBridgeModeValue) { - char event[] = ADVSEC_SYSEVENT_BRIDGE_MODE_EVENT; char unsupportedValue[] = "1"; EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) @@ -2066,12 +2068,11 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_U EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) .Times(0); - advsec_handle_sysevent_notification(event, unsupportedValue); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, unsupportedValue); } TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) { - char event[] = ADVSEC_SYSEVENT_BRIDGE_MODE_EVENT; char bridgeModeOff[] = "0"; EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) @@ -2099,6 +2100,6 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_B .Times(1) .WillOnce(Return(0)); - advsec_handle_sysevent_notification(event, bridgeModeOff); - advsec_handle_sysevent_notification(event, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); } From 437a592ff7e7a46508b98f11560b251a4faebbd1 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Mon, 4 May 2026 10:52:30 -0700 Subject: [PATCH 4/9] UT review comments fix --- .../CcspAdvSecurityInternalTest.cpp | 100 ++++++++++++++++-- 1 file changed, 91 insertions(+), 9 deletions(-) diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index efc4942..a7336a4 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -2039,9 +2039,9 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_I { char invalidValue[] = "00"; - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) - .Times(1) - .WillOnce(DoAll( + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(1)) + .WillRepeatedly(DoAll( SetArgPointee<3>(0), Return(EOK) )); @@ -2057,9 +2057,9 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_U { char unsupportedValue[] = "1"; - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) - .Times(1) - .WillOnce(DoAll( + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(1)) + .WillRepeatedly(DoAll( SetArgPointee<3>(0), Return(EOK) )); @@ -2075,12 +2075,83 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_B { char bridgeModeOff[] = "0"; - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, _, _, _, _)) - .Times(4) + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(::testing::AtLeast(2)) .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(1) + .WillOnce(Return(0)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeTransitionActionsOnChangeOnly) +{ + char bridgeModeOff[] = "0"; +#ifndef _XF3_PRODUCT_REQ_ + char bridgeModeOn[] = "2"; +#else + char bridgeModeOn[] = "3"; +#endif + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(DoAll( SetArgPointee<3>(0), Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(2) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(1) + .WillOnce(Return(0)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + + ::testing::Mock::VerifyAndClearExpectations(g_safecLibMock); + ::testing::Mock::VerifyAndClearExpectations(g_securewrapperMock); + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(4)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq(bridgeModeOn), _, _, _)) + .Times(2) .WillOnce(DoAll( SetArgPointee<3>(1), Return(EOK) @@ -2088,18 +2159,29 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_B .WillOnce(DoAll( SetArgPointee<3>(0), Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(2) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) )) .WillOnce(DoAll( SetArgPointee<3>(0), Return(EOK) )); EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(2) + .WillRepeatedly(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -disable &"), _)) .Times(1) - .WillOnce(Return(EOK)); + .WillOnce(Return(0)); EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) .Times(1) .WillOnce(Return(0)); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); } From 89ef7dcfb82fb60fdace602c871074a7f57ad295 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Mon, 4 May 2026 14:27:43 -0700 Subject: [PATCH 5/9] Fix bridge-mode by tracking all valid state transitions while only firing firewall commands for supported values. --- .../cosa_adv_security_internal.c | 12 +----------- .../CcspAdvSecurityInternalTest.cpp | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c index 41f9048..2ce991b 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.c +++ b/source/AdvSecurityDml/cosa_adv_security_internal.c @@ -2356,21 +2356,11 @@ void advsec_handle_sysevent_notification(char *event, char *val) return; } -#ifndef _XF3_PRODUCT_REQ_ - if((val[0] != '0') && (val[0] != '2')) -#else - if((val[0] != '0') && (val[0] != '3')) -#endif - { - CcspTraceWarning(("CcspAdvSecurity: Unsupported bridge mode value '%s'\n", val)); - return; - } - rc = strcmp_s(prevBridgeMode, sizeof(prevBridgeMode), val, &ind); ERR_CHK(rc); if((rc == EOK) && (ind == 0)) { - CcspTraceInfo(("CcspAdvSecurity: Bridge mode unchanged, no action needed %s\n", val)); + CcspTraceInfo(("CcspAdvSecurity: Bridge mode unchanged '%s', no action needed\n", val)); return; } diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index a7336a4..b148ec0 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -2053,9 +2053,13 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_I advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, invalidValue); } -TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_UnsupportedBridgeModeValue) +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_IntermediateBridgeModeValueNoFirewallAction) { - char unsupportedValue[] = "1"; + // Bridge mode value "1" is a real state transition on some platforms. + // prevBridgeMode must still be updated so subsequent transitions are + // correctly detected, but no firewall command should fire since only + // '0' and '2'/'3' trigger enable/disable actions. + char intermediateValue[] = "1"; EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) .Times(::testing::AtLeast(1)) @@ -2063,12 +2067,19 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_U SetArgPointee<3>(0), Return(EOK) )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("1"), _, _, _)) + .Times(::testing::AtLeast(1)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )); EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(0); + .Times(1) + .WillOnce(Return(EOK)); EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) .Times(0); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, unsupportedValue); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, intermediateValue); } TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) From a3f15e6dc2840cde1aff51a99a04fc78992a03f2 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Tue, 5 May 2026 10:37:09 -0700 Subject: [PATCH 6/9] Comments fix --- .../cosa_adv_security_internal.c | 35 +++++++++++++++---- .../cosa_adv_security_internal.h | 2 ++ .../CcspAdvSecurityInternalTest.cpp | 33 +++++++++++++++-- 3 files changed, 61 insertions(+), 9 deletions(-) diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c index 2ce991b..0346741 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.c +++ b/source/AdvSecurityDml/cosa_adv_security_internal.c @@ -150,6 +150,7 @@ pthread_mutex_t logMutex = PTHREAD_MUTEX_INITIALIZER; static pthread_cond_t logCond = PTHREAD_COND_INITIALIZER; static BOOL logReady = FALSE; static char prevWanIfname[MAX_INTERFACE_SIZE] = {0}; +static char prevBridgeMode[2] = {0}; void advsec_handle_sysevent_async(void); static void advsec_start_logger_thread(void); @@ -2333,13 +2334,17 @@ int advsec_sysevent_init(void) /* * Sysevent handler. */ +void advsec_reset_bridge_mode_for_test(void) +{ + prevBridgeMode[0] = '\0'; +} + void advsec_handle_sysevent_notification(char *event, char *val) { enum advSysEvent_e type; int ret = 0; errno_t rc = -1; int ind = -1; - static char prevBridgeMode[2] = {0}; if(!event || !val) return; @@ -2350,6 +2355,8 @@ void advsec_handle_sysevent_notification(char *event, char *val) { if(type == SYSEVENT_BRIDGE_MODE_EVENT) { + BOOL updatePrevMode = FALSE; + if((val[0] == '\0') || (val[1] != '\0')) { CcspTraceWarning(("CcspAdvSecurity: Invalid bridge mode value '%s'\n", val)); @@ -2363,9 +2370,6 @@ void advsec_handle_sysevent_notification(char *event, char *val) CcspTraceInfo(("CcspAdvSecurity: Bridge mode unchanged '%s', no action needed\n", val)); return; } - - rc = strcpy_s(prevBridgeMode, sizeof(prevBridgeMode), val); - ERR_CHK(rc); if((val[0] == '0') && (val[1] == '\0')) { @@ -2375,13 +2379,17 @@ void advsec_handle_sysevent_notification(char *event, char *val) { CcspTraceWarning(("Failure in executing command via v_secure_system. ret val: %d \n", ret)); } + else + { + updatePrevMode = TRUE; + } } #ifndef _XF3_PRODUCT_REQ_ - if((val[0] == '2') && (val[1] == '\0')) + else if((val[0] == '2') && (val[1] == '\0')) #else - if((val[0] == '3') && (val[1] == '\0')) + else if((val[0] == '3') && (val[1] == '\0')) #endif { CcspTraceWarning(("CcspAdvSecurity: Received Bridge Mode On\n")); @@ -2390,6 +2398,21 @@ void advsec_handle_sysevent_notification(char *event, char *val) { CcspTraceWarning(("Failure in executing command via v_secure_system. ret val: %d \n", ret)); } + else + { + updatePrevMode = TRUE; + } + + } + else + { + updatePrevMode = TRUE; + } + + if(updatePrevMode) + { + rc = strcpy_s(prevBridgeMode, sizeof(prevBridgeMode), val); + ERR_CHK(rc); } } diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.h b/source/AdvSecurityDml/cosa_adv_security_internal.h index 9fcce96..5b4847f 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.h +++ b/source/AdvSecurityDml/cosa_adv_security_internal.h @@ -216,6 +216,8 @@ ANSC_STATUS Wifi_GetParameterValue(const char *pParamName, char *pReturnVal); BOOL WifiMgmtFrame_GetActive_Status(void); BOOL WifiLevl_GetActive_Status(void); int wifidcl_init_precheck(void); +void advsec_handle_sysevent_notification(char *event, char *val); +void advsec_reset_bridge_mode_for_test(void); ANSC_HANDLE CosaSecurityCreate diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index b148ec0..3e7a022 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -18,13 +18,12 @@ #include "CcspAdvSecurityMock.h" -extern "C" void advsec_handle_sysevent_notification(char *event, char *val); - static char BRIDGE_MODE_EVENT_NAME[] = "bridge_mode"; class CcspAdvSecurityInternalTestFixture : public ::testing::Test { protected: void SetUp() override { + advsec_reset_bridge_mode_for_test(); g_syscfgMock = new SyscfgMock(); g_securewrapperMock = new SecureWrapperMock(); @@ -2055,7 +2054,7 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_I TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_IntermediateBridgeModeValueNoFirewallAction) { - // Bridge mode value "1" is a real state transition on some platforms. + // Bridge mode value "1" is a real state transition . // prevBridgeMode must still be updated so subsequent transitions are // correctly detected, but no firewall command should fire since only // '0' and '2'/'3' trigger enable/disable actions. @@ -2117,6 +2116,34 @@ TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_B advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); } +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeRetryOnCommandFailure) +{ + char bridgeModeOff[] = "0"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(2) + .WillRepeatedly(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(2) + .WillOnce(Return(1)) + .WillOnce(Return(0)); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +} + TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeTransitionActionsOnChangeOnly) { char bridgeModeOff[] = "0"; From 6c57dede86a7116bb749e54f7e4f1e06820c4886 Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Tue, 5 May 2026 11:21:10 -0700 Subject: [PATCH 7/9] moved UT above to memorylimit test --- .../CcspAdvSecurityInternalTest.cpp | 568 ++++++++++++------ 1 file changed, 379 insertions(+), 189 deletions(-) diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index 3e7a022..0dc2df4 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -1166,6 +1166,196 @@ TEST_F(CcspAdvSecurityInternalTestFixture, CosaAdvSecGetLookupTimeoutExceededCou EXPECT_EQ(CosaAdvSecGetLookupTimeoutExceededCount(), lcount); } +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_InvalidBridgeModeValue) +{ + char invalidValue[] = "00"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(1)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(0); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) + .Times(0); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, invalidValue); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_IntermediateBridgeModeValueNoFirewallAction) +{ + // Bridge mode value "1" is a real state transition . + // prevBridgeMode must still be updated so subsequent transitions are + // correctly detected, but no firewall command should fire since only + // '0' and '2'/'3' trigger enable/disable actions. + char intermediateValue[] = "1"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(1)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("1"), _, _, _)) + .Times(::testing::AtLeast(1)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) + .Times(0); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, intermediateValue); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) +{ + char bridgeModeOff[] = "0"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(::testing::AtLeast(2)) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(1) + .WillOnce(Return(0)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeRetryOnCommandFailure) +{ + char bridgeModeOff[] = "0"; + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(2) + .WillRepeatedly(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(2) + .WillOnce(Return(1)) + .WillOnce(Return(0)); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +} + +TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeTransitionActionsOnChangeOnly) +{ + char bridgeModeOff[] = "0"; +#ifndef _XF3_PRODUCT_REQ_ + char bridgeModeOn[] = "2"; +#else + char bridgeModeOn[] = "3"; +#endif + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(2)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(2) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(1) + .WillOnce(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(1) + .WillOnce(Return(0)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + + ::testing::Mock::VerifyAndClearExpectations(g_safecLibMock); + ::testing::Mock::VerifyAndClearExpectations(g_securewrapperMock); + + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) + .Times(::testing::AtLeast(4)) + .WillRepeatedly(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq(bridgeModeOn), _, _, _)) + .Times(2) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) + .Times(2) + .WillOnce(DoAll( + SetArgPointee<3>(1), + Return(EOK) + )) + .WillOnce(DoAll( + SetArgPointee<3>(0), + Return(EOK) + )); + EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) + .Times(2) + .WillRepeatedly(Return(EOK)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -disable &"), _)) + .Times(1) + .WillOnce(Return(0)); + EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) + .Times(1) + .WillOnce(Return(0)); + + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +} + TEST_F(CcspAdvSecurityInternalTestFixture, CosaRabidSetMemoryLimit) { const char *RabidMemoryLimit = "Advsecurity_RabidMemoryLimit"; @@ -2034,192 +2224,192 @@ TEST_F(CcspAdvSecurityInternalTestFixture, CosaAdvSecAgentRaptrDeInit) free(g_pAdvSecAgent); } -TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_InvalidBridgeModeValue) -{ - char invalidValue[] = "00"; - - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) - .Times(::testing::AtLeast(1)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(0); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) - .Times(0); - - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, invalidValue); -} - -TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_IntermediateBridgeModeValueNoFirewallAction) -{ - // Bridge mode value "1" is a real state transition . - // prevBridgeMode must still be updated so subsequent transitions are - // correctly detected, but no firewall command should fire since only - // '0' and '2'/'3' trigger enable/disable actions. - char intermediateValue[] = "1"; - - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) - .Times(::testing::AtLeast(1)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("1"), _, _, _)) - .Times(::testing::AtLeast(1)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(1), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(1) - .WillOnce(Return(EOK)); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) - .Times(0); - - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, intermediateValue); -} - -TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) -{ - char bridgeModeOff[] = "0"; - - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) - .Times(::testing::AtLeast(2)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) - .Times(::testing::AtLeast(2)) - .WillOnce(DoAll( - SetArgPointee<3>(1), - Return(EOK) - )) - .WillOnce(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(1) - .WillOnce(Return(EOK)); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) - .Times(1) - .WillOnce(Return(0)); - - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -} - -TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeRetryOnCommandFailure) -{ - char bridgeModeOff[] = "0"; - - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) - .Times(::testing::AtLeast(2)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) - .Times(2) - .WillRepeatedly(DoAll( - SetArgPointee<3>(1), - Return(EOK) - )); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) - .Times(2) - .WillOnce(Return(1)) - .WillOnce(Return(0)); - EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(1) - .WillOnce(Return(EOK)); - - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -} - -TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeTransitionActionsOnChangeOnly) -{ - char bridgeModeOff[] = "0"; -#ifndef _XF3_PRODUCT_REQ_ - char bridgeModeOn[] = "2"; -#else - char bridgeModeOn[] = "3"; -#endif - - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) - .Times(::testing::AtLeast(2)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) - .Times(2) - .WillOnce(DoAll( - SetArgPointee<3>(1), - Return(EOK) - )) - .WillOnce(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(1) - .WillOnce(Return(EOK)); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) - .Times(1) - .WillOnce(Return(0)); - - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); - - ::testing::Mock::VerifyAndClearExpectations(g_safecLibMock); - ::testing::Mock::VerifyAndClearExpectations(g_securewrapperMock); - - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) - .Times(::testing::AtLeast(4)) - .WillRepeatedly(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq(bridgeModeOn), _, _, _)) - .Times(2) - .WillOnce(DoAll( - SetArgPointee<3>(1), - Return(EOK) - )) - .WillOnce(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) - .Times(2) - .WillOnce(DoAll( - SetArgPointee<3>(1), - Return(EOK) - )) - .WillOnce(DoAll( - SetArgPointee<3>(0), - Return(EOK) - )); - EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) - .Times(2) - .WillRepeatedly(Return(EOK)); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -disable &"), _)) - .Times(1) - .WillOnce(Return(0)); - EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) - .Times(1) - .WillOnce(Return(0)); - - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); - advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -} +// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_InvalidBridgeModeValue) +// { +// char invalidValue[] = "00"; + +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) +// .Times(::testing::AtLeast(1)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) +// .Times(0); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) +// .Times(0); + +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, invalidValue); +// } + +// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_IntermediateBridgeModeValueNoFirewallAction) +// { +// // Bridge mode value "1" is a real state transition . +// // prevBridgeMode must still be updated so subsequent transitions are +// // correctly detected, but no firewall command should fire since only +// // '0' and '2'/'3' trigger enable/disable actions. +// char intermediateValue[] = "1"; + +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) +// .Times(::testing::AtLeast(1)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("1"), _, _, _)) +// .Times(::testing::AtLeast(1)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(1), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) +// .Times(1) +// .WillOnce(Return(EOK)); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) +// .Times(0); + +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, intermediateValue); +// } + +// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) +// { +// char bridgeModeOff[] = "0"; + +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) +// .Times(::testing::AtLeast(2)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) +// .Times(::testing::AtLeast(2)) +// .WillOnce(DoAll( +// SetArgPointee<3>(1), +// Return(EOK) +// )) +// .WillOnce(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) +// .Times(1) +// .WillOnce(Return(EOK)); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) +// .Times(1) +// .WillOnce(Return(0)); + +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// } + +// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeRetryOnCommandFailure) +// { +// char bridgeModeOff[] = "0"; + +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) +// .Times(::testing::AtLeast(2)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) +// .Times(2) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(1), +// Return(EOK) +// )); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) +// .Times(2) +// .WillOnce(Return(1)) +// .WillOnce(Return(0)); +// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) +// .Times(1) +// .WillOnce(Return(EOK)); + +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// } + +// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeTransitionActionsOnChangeOnly) +// { +// char bridgeModeOff[] = "0"; +// #ifndef _XF3_PRODUCT_REQ_ +// char bridgeModeOn[] = "2"; +// #else +// char bridgeModeOn[] = "3"; +// #endif + +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) +// .Times(::testing::AtLeast(2)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) +// .Times(2) +// .WillOnce(DoAll( +// SetArgPointee<3>(1), +// Return(EOK) +// )) +// .WillOnce(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) +// .Times(1) +// .WillOnce(Return(EOK)); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) +// .Times(1) +// .WillOnce(Return(0)); + +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); + +// ::testing::Mock::VerifyAndClearExpectations(g_safecLibMock); +// ::testing::Mock::VerifyAndClearExpectations(g_securewrapperMock); + +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) +// .Times(::testing::AtLeast(4)) +// .WillRepeatedly(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq(bridgeModeOn), _, _, _)) +// .Times(2) +// .WillOnce(DoAll( +// SetArgPointee<3>(1), +// Return(EOK) +// )) +// .WillOnce(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) +// .Times(2) +// .WillOnce(DoAll( +// SetArgPointee<3>(1), +// Return(EOK) +// )) +// .WillOnce(DoAll( +// SetArgPointee<3>(0), +// Return(EOK) +// )); +// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) +// .Times(2) +// .WillRepeatedly(Return(EOK)); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -disable &"), _)) +// .Times(1) +// .WillOnce(Return(0)); +// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) +// .Times(1) +// .WillOnce(Return(0)); + +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); +// } From 540bff655c3ead1505571ca8a94370be990969cd Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Tue, 5 May 2026 12:00:39 -0700 Subject: [PATCH 8/9] UT fix --- .../cosa_adv_security_internal.c | 2 + .../cosa_adv_security_internal.h | 2 + .../CcspAdvSecurityInternalTest.cpp | 192 +----------------- 3 files changed, 6 insertions(+), 190 deletions(-) diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c index 0346741..8646a5d 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.c +++ b/source/AdvSecurityDml/cosa_adv_security_internal.c @@ -2334,10 +2334,12 @@ int advsec_sysevent_init(void) /* * Sysevent handler. */ +#ifdef UNIT_TEST void advsec_reset_bridge_mode_for_test(void) { prevBridgeMode[0] = '\0'; } +#endif void advsec_handle_sysevent_notification(char *event, char *val) { diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.h b/source/AdvSecurityDml/cosa_adv_security_internal.h index 5b4847f..f3fb6cf 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.h +++ b/source/AdvSecurityDml/cosa_adv_security_internal.h @@ -217,7 +217,9 @@ BOOL WifiMgmtFrame_GetActive_Status(void); BOOL WifiLevl_GetActive_Status(void); int wifidcl_init_precheck(void); void advsec_handle_sysevent_notification(char *event, char *val); +#ifdef UNIT_TEST void advsec_reset_bridge_mode_for_test(void); +#endif ANSC_HANDLE CosaSecurityCreate diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index 0dc2df4..3be1634 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -23,7 +23,9 @@ static char BRIDGE_MODE_EVENT_NAME[] = "bridge_mode"; class CcspAdvSecurityInternalTestFixture : public ::testing::Test { protected: void SetUp() override { +#ifdef UNIT_TEST advsec_reset_bridge_mode_for_test(); +#endif g_syscfgMock = new SyscfgMock(); g_securewrapperMock = new SecureWrapperMock(); @@ -2223,193 +2225,3 @@ TEST_F(CcspAdvSecurityInternalTestFixture, CosaAdvSecAgentRaptrDeInit) free(g_pAdvSecAgent->pRaptr_RFC); free(g_pAdvSecAgent); } - -// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_InvalidBridgeModeValue) -// { -// char invalidValue[] = "00"; - -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) -// .Times(::testing::AtLeast(1)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) -// .Times(0); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) -// .Times(0); - -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, invalidValue); -// } - -// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_IntermediateBridgeModeValueNoFirewallAction) -// { -// // Bridge mode value "1" is a real state transition . -// // prevBridgeMode must still be updated so subsequent transitions are -// // correctly detected, but no firewall command should fire since only -// // '0' and '2'/'3' trigger enable/disable actions. -// char intermediateValue[] = "1"; - -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) -// .Times(::testing::AtLeast(1)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("1"), _, _, _)) -// .Times(::testing::AtLeast(1)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(1), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) -// .Times(1) -// .WillOnce(Return(EOK)); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(_, _)) -// .Times(0); - -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, intermediateValue); -// } - -// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeUnchangedNoAction) -// { -// char bridgeModeOff[] = "0"; - -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) -// .Times(::testing::AtLeast(2)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) -// .Times(::testing::AtLeast(2)) -// .WillOnce(DoAll( -// SetArgPointee<3>(1), -// Return(EOK) -// )) -// .WillOnce(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) -// .Times(1) -// .WillOnce(Return(EOK)); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) -// .Times(1) -// .WillOnce(Return(0)); - -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// } - -// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeRetryOnCommandFailure) -// { -// char bridgeModeOff[] = "0"; - -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) -// .Times(::testing::AtLeast(2)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) -// .Times(2) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(1), -// Return(EOK) -// )); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) -// .Times(2) -// .WillOnce(Return(1)) -// .WillOnce(Return(0)); -// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) -// .Times(1) -// .WillOnce(Return(EOK)); - -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// } - -// TEST_F(CcspAdvSecurityInternalTestFixture, advsec_handle_sysevent_notification_BridgeModeTransitionActionsOnChangeOnly) -// { -// char bridgeModeOff[] = "0"; -// #ifndef _XF3_PRODUCT_REQ_ -// char bridgeModeOn[] = "2"; -// #else -// char bridgeModeOn[] = "3"; -// #endif - -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) -// .Times(::testing::AtLeast(2)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) -// .Times(2) -// .WillOnce(DoAll( -// SetArgPointee<3>(1), -// Return(EOK) -// )) -// .WillOnce(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) -// .Times(1) -// .WillOnce(Return(EOK)); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) -// .Times(1) -// .WillOnce(Return(0)); - -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); - -// ::testing::Mock::VerifyAndClearExpectations(g_safecLibMock); -// ::testing::Mock::VerifyAndClearExpectations(g_securewrapperMock); - -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(StrEq("bridge_mode"), _, _, _, _, _)) -// .Times(::testing::AtLeast(4)) -// .WillRepeatedly(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq(bridgeModeOn), _, _, _)) -// .Times(2) -// .WillOnce(DoAll( -// SetArgPointee<3>(1), -// Return(EOK) -// )) -// .WillOnce(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcmp_s_chk(_, _, StrEq("0"), _, _, _)) -// .Times(2) -// .WillOnce(DoAll( -// SetArgPointee<3>(1), -// Return(EOK) -// )) -// .WillOnce(DoAll( -// SetArgPointee<3>(0), -// Return(EOK) -// )); -// EXPECT_CALL(*g_safecLibMock, _strcpy_s_chk(_, _, _, _)) -// .Times(2) -// .WillRepeatedly(Return(EOK)); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -disable &"), _)) -// .Times(1) -// .WillOnce(Return(0)); -// EXPECT_CALL(*g_securewrapperMock, v_secure_system(HasSubstr("/usr/ccsp/advsec/start_adv_security.sh -enable &"), _)) -// .Times(1) -// .WillOnce(Return(0)); - -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOn); -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// advsec_handle_sysevent_notification(BRIDGE_MODE_EVENT_NAME, bridgeModeOff); -// } From 2701ecb0e1332941b440bd05b86c599d82e9c59c Mon Sep 17 00:00:00 2001 From: "Nagulapally, Arun Kumar" Date: Tue, 5 May 2026 22:06:33 -0700 Subject: [PATCH 9/9] remove UNIT_TEST from source code --- source/AdvSecurityDml/cosa_adv_security_internal.c | 9 +-------- source/AdvSecurityDml/cosa_adv_security_internal.h | 9 ++++++--- .../CcspAdvSecurityInternalTest.cpp | 6 +++--- 3 files changed, 10 insertions(+), 14 deletions(-) diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c index 8646a5d..6293c16 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.c +++ b/source/AdvSecurityDml/cosa_adv_security_internal.c @@ -150,7 +150,7 @@ pthread_mutex_t logMutex = PTHREAD_MUTEX_INITIALIZER; static pthread_cond_t logCond = PTHREAD_COND_INITIALIZER; static BOOL logReady = FALSE; static char prevWanIfname[MAX_INTERFACE_SIZE] = {0}; -static char prevBridgeMode[2] = {0}; +STATIC char prevBridgeMode[2] = {0}; void advsec_handle_sysevent_async(void); static void advsec_start_logger_thread(void); @@ -2334,13 +2334,6 @@ int advsec_sysevent_init(void) /* * Sysevent handler. */ -#ifdef UNIT_TEST -void advsec_reset_bridge_mode_for_test(void) -{ - prevBridgeMode[0] = '\0'; -} -#endif - void advsec_handle_sysevent_notification(char *event, char *val) { enum advSysEvent_e type; diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.h b/source/AdvSecurityDml/cosa_adv_security_internal.h index f3fb6cf..560e5b5 100644 --- a/source/AdvSecurityDml/cosa_adv_security_internal.h +++ b/source/AdvSecurityDml/cosa_adv_security_internal.h @@ -19,6 +19,12 @@ #ifndef _COSA_ADV_SEC_INTERNAL_H #define _COSA_ADV_SEC_INTERNAL_H +#ifndef UNIT_TEST_DOCKER_SUPPORT +#define STATIC static +#else +#define STATIC +#endif + #include "ansc_platform.h" #include "ansc_string_util.h" @@ -217,9 +223,6 @@ BOOL WifiMgmtFrame_GetActive_Status(void); BOOL WifiLevl_GetActive_Status(void); int wifidcl_init_precheck(void); void advsec_handle_sysevent_notification(char *event, char *val); -#ifdef UNIT_TEST -void advsec_reset_bridge_mode_for_test(void); -#endif ANSC_HANDLE CosaSecurityCreate diff --git a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp index 3be1634..3857462 100644 --- a/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp +++ b/source/test/CcspAdvSecurityDmlTest/CcspAdvSecurityInternalTest.cpp @@ -20,12 +20,12 @@ static char BRIDGE_MODE_EVENT_NAME[] = "bridge_mode"; +extern "C" char prevBridgeMode[2]; + class CcspAdvSecurityInternalTestFixture : public ::testing::Test { protected: void SetUp() override { -#ifdef UNIT_TEST - advsec_reset_bridge_mode_for_test(); -#endif + prevBridgeMode[0] = '\0'; g_syscfgMock = new SyscfgMock(); g_securewrapperMock = new SecureWrapperMock();