tests: Filter useless warnings

Filter out:
 * DeprecationWarnings for updater module when we are on purpose
   testing deprecated methods from updater
 * SubjectAltNameWarning for connections to our test server

These warnings are visible with e.g.
  python3 test_updater.py

The large change in test_download.py is just indentation into with-block.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>

tests/test_download.py

@@ -38,6 +38,8 @@
 import os
 import sys
 import unittest
+import urllib3
+import warnings
 
 import tuf
 import tuf.download as download
@@ -295,63 +297,68 @@ def test_https_connection(self):
       # the bad cert. Expect failure because even though we trust it, the
       # hostname we're connecting to does not match the hostname in the cert.
       logger.info('Trying HTTPS download of target file: ' + bad_https_url)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.safe_download(bad_https_url, target_data_length)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.unsafe_download(bad_https_url, target_data_length)
+      with warnings.catch_warnings():
+        # We're ok with a slightly fishy localhost cert
+        warnings.filterwarnings('ignore',
+            category=urllib3.exceptions.SubjectAltNameWarning)
 
-      # Try connecting to the server processes with the good certs while not
-      # trusting the good certs (trusting the bad cert instead). Expect failure
-      # because even though the server's cert file is otherwise OK, we don't
-      # trust it.
-      logger.info('Trying HTTPS download of target file: ' + good_https_url)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.safe_download(good_https_url, target_data_length)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.unsafe_download(good_https_url, target_data_length)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.safe_download(bad_https_url, target_data_length)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.unsafe_download(bad_https_url, target_data_length)
 
-      logger.info('Trying HTTPS download of target file: ' + good2_https_url)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.safe_download(good2_https_url, target_data_length)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.unsafe_download(good2_https_url, target_data_length)
+        # Try connecting to the server processes with the good certs while not
+        # trusting the good certs (trusting the bad cert instead). Expect failure
+        # because even though the server's cert file is otherwise OK, we don't
+        # trust it.
+        logger.info('Trying HTTPS download of target file: ' + good_https_url)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.safe_download(good_https_url, target_data_length)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.unsafe_download(good_https_url, target_data_length)
+
+        logger.info('Trying HTTPS download of target file: ' + good2_https_url)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.safe_download(good2_https_url, target_data_length)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.unsafe_download(good2_https_url, target_data_length)
 
 
-      # Configure environment to now trust the certfile that is expired.
-      os.environ['REQUESTS_CA_BUNDLE'] = expired_cert_fname
-      # Clear sessions to ensure that the certificate we just specified is used.
-      # TODO: Confirm necessity of this session clearing and lay out mechanics.
-      tuf.download._sessions = {}
+        # Configure environment to now trust the certfile that is expired.
+        os.environ['REQUESTS_CA_BUNDLE'] = expired_cert_fname
+        # Clear sessions to ensure that the certificate we just specified is used.
+        # TODO: Confirm necessity of this session clearing and lay out mechanics.
+        tuf.download._sessions = {}
 
-      # Try connecting to the server process with the expired cert while
-      # trusting the expired cert. Expect failure because even though we trust
-      # it, it is expired.
-      logger.info('Trying HTTPS download of target file: ' + expired_https_url)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.safe_download(expired_https_url, target_data_length)
-      with self.assertRaises(requests.exceptions.SSLError):
-        download.unsafe_download(expired_https_url, target_data_length)
+        # Try connecting to the server process with the expired cert while
+        # trusting the expired cert. Expect failure because even though we trust
+        # it, it is expired.
+        logger.info('Trying HTTPS download of target file: ' + expired_https_url)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.safe_download(expired_https_url, target_data_length)
+        with self.assertRaises(requests.exceptions.SSLError):
+          download.unsafe_download(expired_https_url, target_data_length)
 
 
-      # Try connecting to the server processes with the good certs while
-      # trusting the appropriate good certs. Expect success.
-      # TODO: expand testing to switch expected certificates back and forth a
-      #       bit more while clearing / not clearing sessions.
-      os.environ['REQUESTS_CA_BUNDLE'] = good_cert_fname
-      # Clear sessions to ensure that the certificate we just specified is used.
-      # TODO: Confirm necessity of this session clearing and lay out mechanics.
-      tuf.download._sessions = {}
-      logger.info('Trying HTTPS download of target file: ' + good_https_url)
-      download.safe_download(good_https_url, target_data_length).close()
-      download.unsafe_download(good_https_url, target_data_length).close()
+        # Try connecting to the server processes with the good certs while
+        # trusting the appropriate good certs. Expect success.
+        # TODO: expand testing to switch expected certificates back and forth a
+        #       bit more while clearing / not clearing sessions.
+        os.environ['REQUESTS_CA_BUNDLE'] = good_cert_fname
+        # Clear sessions to ensure that the certificate we just specified is used.
+        # TODO: Confirm necessity of this session clearing and lay out mechanics.
+        tuf.download._sessions = {}
+        logger.info('Trying HTTPS download of target file: ' + good_https_url)
+        download.safe_download(good_https_url, target_data_length).close()
+        download.unsafe_download(good_https_url, target_data_length).close()
 
-      os.environ['REQUESTS_CA_BUNDLE'] = good2_cert_fname
-      # Clear sessions to ensure that the certificate we just specified is used.
-      # TODO: Confirm necessity of this session clearing and lay out mechanics.
-      tuf.download._sessions = {}
-      logger.info('Trying HTTPS download of target file: ' + good2_https_url)
-      download.safe_download(good2_https_url, target_data_length).close()
-      download.unsafe_download(good2_https_url, target_data_length).close()
+        os.environ['REQUESTS_CA_BUNDLE'] = good2_cert_fname
+        # Clear sessions to ensure that the certificate we just specified is used.
+        # TODO: Confirm necessity of this session clearing and lay out mechanics.
+        tuf.download._sessions = {}
+        logger.info('Trying HTTPS download of target file: ' + good2_https_url)
+        download.safe_download(good2_https_url, target_data_length).close()
+        download.unsafe_download(good2_https_url, target_data_length).close()
 
     finally:
       for proc_handler in [

tests/test_extraneous_dependencies_attack.py

@@ -201,7 +201,8 @@ def test_with_tuf(self):
     self.repository_updater.refresh()
 
     try:
-      self.repository_updater.targets_of_role('role1')
+      with utils.ignore_deprecation_warnings('tuf.client.updater'):
+        self.repository_updater.targets_of_role('role1')
 
     # Verify that the specific 'tuf.exceptions.ForbiddenTargetError' exception is raised
     # by each mirror.

tests/test_mix_and_match_attack.py

@@ -221,7 +221,8 @@ def test_with_tuf(self):
     self.repository_updater.refresh()
 
     try:
-      self.repository_updater.targets_of_role('role1')
+      with utils.ignore_deprecation_warnings('tuf.client.updater'):
+        self.repository_updater.targets_of_role('role1')
 
     # Verify that the specific
     # 'tuf.exceptions.BadVersionNumberError' exception is raised by

tests/test_updater.py

@@ -1000,7 +1000,8 @@ def test_5_all_targets(self):
    self.repository_updater.refresh()
 
    # Test: normal case.
-   all_targets = self.repository_updater.all_targets()
+   with utils.ignore_deprecation_warnings('tuf.client.updater'):
+    all_targets = self.repository_updater.all_targets()
 
    # Verify format of 'all_targets', it should correspond to
    # 'TARGETINFOS_SCHEMA'.
@@ -1044,7 +1045,8 @@ def test_5_targets_of_role(self):
 
 
     # Test: normal case.
-    targetinfos = self.repository_updater.targets_of_role('role1')
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      targetinfos = self.repository_updater.targets_of_role('role1')
 
     # Verify that the expected role files were downloaded and installed.
     os.path.exists(os.path.join(self.client_metadata_current, 'targets.json'))
@@ -1061,10 +1063,11 @@ def test_5_targets_of_role(self):
 
     # Test: Invalid arguments.
     # targets_of_role() expected a string rolename.
-    self.assertRaises(securesystemslib.exceptions.FormatError, self.repository_updater.targets_of_role,
-                      8)
-    self.assertRaises(tuf.exceptions.UnknownRoleError, self.repository_updater.targets_of_role,
-                      'unknown_rolename')
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      self.assertRaises(securesystemslib.exceptions.FormatError, self.repository_updater.targets_of_role,
+                        8)
+      self.assertRaises(tuf.exceptions.UnknownRoleError, self.repository_updater.targets_of_role,
+                        'unknown_rolename')
 
 
 
@@ -1398,7 +1401,8 @@ def test_7_updated_targets(self):
 
     # Get the list of target files.  It will be used as an argument to the
     # 'updated_targets()' function.
-    all_targets = self.repository_updater.all_targets()
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      all_targets = self.repository_updater.all_targets()
 
     # Test for duplicates and targets in the root directory of the repository.
     additional_target = all_targets[0].copy()
@@ -1412,7 +1416,8 @@ def test_7_updated_targets(self):
     updated_targets = \
       self.repository_updater.updated_targets(all_targets, destination_directory)
 
-    all_targets = self.repository_updater.all_targets()
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      all_targets = self.repository_updater.all_targets()
 
     # Assumed the pre-generated repository specifies two target files in
     # 'targets.json' and one delegated target file in 'role1.json'.
@@ -1479,7 +1484,8 @@ def test_7_updated_targets(self):
     self.repository_updater.refresh()
 
     # Verify that the new target file is considered updated.
-    all_targets = self.repository_updater.all_targets()
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      all_targets = self.repository_updater.all_targets()
     updated_targets = \
       self.repository_updater.updated_targets(all_targets, destination_directory)
     self.assertEqual(len(updated_targets), 1)
@@ -1522,7 +1528,8 @@ def test_8_remove_obsolete_targets(self):
     destination_directory = self.make_temp_directory()
 
     #  Populate 'destination_direction' with all target files.
-    all_targets = self.repository_updater.all_targets()
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      all_targets = self.repository_updater.all_targets()
 
     self.assertEqual(len(os.listdir(destination_directory)), 0)
 
@@ -1553,7 +1560,8 @@ def test_8_remove_obsolete_targets(self):
     # Verify number of target files in 'destination_directory' (should be 1
     # after the update made to the remote repository), and call
     # 'remove_obsolete_targets()'.
-    all_targets = self.repository_updater.all_targets()
+    with utils.ignore_deprecation_warnings('tuf.client.updater'):
+      all_targets = self.repository_updater.all_targets()
 
     updated_targets = \
       self.repository_updater.updated_targets(all_targets,

tests/utils.py

@@ -21,6 +21,7 @@
 """
 
 import argparse
+from contextlib import contextmanager
 import errno
 import logging
 import socket
@@ -28,6 +29,7 @@
 import subprocess
 import tempfile
 import random
+import warnings
 
 import tuf.log
 
@@ -46,6 +48,16 @@ def __init__(self, value="Timeout"):
     def __str__(self):
       return repr(self.value)
 
+
+@contextmanager
+def ignore_deprecation_warnings(module):
+  with warnings.catch_warnings():
+    warnings.filterwarnings('ignore',
+        category=DeprecationWarning,
+        module=module)
+    yield
+
+
 # Wait until host:port accepts connections.
 # Raises TimeoutError if this does not happen within timeout seconds
 # There are major differences between operating systems on how this works