From 02982b4b98db19ab41f50b6161efc6c6c0c3e877 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 23 Apr 2018 10:56:10 -0400 Subject: [PATCH 1/6] Remove duplicate LOC in test_developer_tool.py Signed-off-by: Vladimir Diaz --- tests/test_developer_tool.py | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/tests/test_developer_tool.py b/tests/test_developer_tool.py index b946fe04..208dfe91 100755 --- a/tests/test_developer_tool.py +++ b/tests/test_developer_tool.py @@ -162,24 +162,12 @@ def test_create_new_project(self): tuf.roledb.clear_roledb() tuf.keydb.clear_keydb() - self.assertRaises(OSError, developer_tool.create_new_project ,project_name, + self.assertRaises(OSError, developer_tool.create_new_project, project_name, metadata_directory, location_in_repository, targets_directory, project_key) os.chmod(local_tmp, 0o0777) - shutil.rmtree(metadata_directory) - os.chmod(local_tmp, 0o0555) - - tuf.roledb.clear_roledb() - tuf.keydb.clear_keydb() - self.assertRaises(OSError, developer_tool.create_new_project ,project_name, - metadata_directory, location_in_repository, targets_directory, - project_key) - - - os.chmod(local_tmp, 0o0777) - shutil.rmtree(local_tmp) From 6c419830542d06738896affbb0fee9f0271fc42c Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 23 Apr 2018 10:58:04 -0400 Subject: [PATCH 2/6] Fix URL comparison in test_slow_retrieval_attack.py Signed-off-by: Vladimir Diaz --- tests/test_slow_retrieval_attack.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/test_slow_retrieval_attack.py b/tests/test_slow_retrieval_attack.py index 02a27b9d..290f7996 100755 --- a/tests/test_slow_retrieval_attack.py +++ b/tests/test_slow_retrieval_attack.py @@ -266,9 +266,9 @@ def test_with_tuf_mode_2(self): file1_target = self.repository_updater.get_one_valid_targetinfo('file1.txt') self.repository_updater.download_target(file1_target, self.client_directory) - # Verify that the specific 'tuf.exceptions.SlowRetrievalError' exception is raised by - # each mirror. 'file1.txt' should be large enough to trigger a slow - # retrieval attack, otherwise the expected exception may not be + # Verify that the specific 'tuf.exceptions.SlowRetrievalError' exception is + # raised by each mirror. 'file1.txt' should be large enough to trigger a + # slow retrieval attack, otherwise the expected exception may not be # consistently raised. except tuf.exceptions.NoWorkingMirrorError as exception: for mirror_url, mirror_error in six.iteritems(exception.mirror_errors): @@ -276,7 +276,7 @@ def test_with_tuf_mode_2(self): url_file = os.path.join(url_prefix, 'targets', 'file1.txt') # Verify that 'file1.txt' is the culprit. - self.assertEqual(url_file, mirror_url) + self.assertEqual(url_file.replace('\\', '/'), mirror_url) self.assertTrue(isinstance(mirror_error, tuf.exceptions.SlowRetrievalError)) else: From fe54935b298a621110149715005b2e061121c287 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 23 Apr 2018 11:01:46 -0400 Subject: [PATCH 3/6] Strip leading path separator from random path in test_updater.py Signed-off-by: Vladimir Diaz --- tests/test_updater.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_updater.py b/tests/test_updater.py index 59cb0cb9..fc33dbb2 100644 --- a/tests/test_updater.py +++ b/tests/test_updater.py @@ -1047,7 +1047,8 @@ def test_6_get_one_valid_targetinfo(self): # Test: invalid target path. self.assertRaises(tuf.exceptions.UnknownTargetError, - self.repository_updater.get_one_valid_targetinfo, self.random_path().lstrip(os.sep)) + self.repository_updater.get_one_valid_targetinfo, + self.random_path().lstrip(os.sep).lstrip('/')) # Test updater.get_one_valid_targetinfo() backtracking behavior (enabled by # default.) From ff183fc0538ada32e18b0c25ceca737d206d037e Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 23 Apr 2018 11:04:50 -0400 Subject: [PATCH 4/6] Convert any backward slashes from path given by client Signed-off-by: Vladimir Diaz --- tuf/client/updater.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tuf/client/updater.py b/tuf/client/updater.py index 97681a3f..73dd6d08 100755 --- a/tuf/client/updater.py +++ b/tuf/client/updater.py @@ -2629,6 +2629,8 @@ def get_one_valid_targetinfo(self, target_filepath): # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch. securesystemslib.formats.RELPATH_SCHEMA.check_match(target_filepath) + target_filepath = target_filepath.replace('\\', '/') + if target_filepath.startswith('/'): raise tuf.exceptions.FormatError('The requested target file cannot' ' contain a leading path separator: ' + repr(target_filepath)) From 5dfb02cbd5d527e450ffaed60544ff34fa7a506c Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 23 Apr 2018 11:06:47 -0400 Subject: [PATCH 5/6] List only target paths containing forward slashes in metadata Signed-off-by: Vladimir Diaz --- tuf/repository_lib.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py index 2330abbb..cbdc7aec 100755 --- a/tuf/repository_lib.py +++ b/tuf/repository_lib.py @@ -1397,7 +1397,7 @@ def generate_targets_metadata(targets_directory, target_files, version, if len(custom): custom_data = custom - filedict[relative_targetpath] = \ + filedict[relative_targetpath.replace('\\', '/').lstrip('/')] = \ get_metadata_fileinfo(target_path, custom_data) # Copy 'target_path' to 'digest_target' if consistent hashing is enabled. From 3047cdb4878d21cc71e2cb88396309c0640059a5 Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Mon, 23 Apr 2018 11:09:10 -0400 Subject: [PATCH 6/6] Convert backward slashes in target paths given to add_target() and add_targets() Signed-off-by: Vladimir Diaz --- tuf/repository_tool.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py index 2545b249..e5f1368a 100755 --- a/tuf/repository_tool.py +++ b/tuf/repository_tool.py @@ -1924,7 +1924,7 @@ def add_target(self, filepath, custom=None): # targets directory. targets_directory_length = len(self._targets_directory) + 1 roleinfo = tuf.roledb.get_roleinfo(self._rolename, self._repository_name) - relative_path = filepath[targets_directory_length:] + relative_path = filepath[targets_directory_length:].replace('\\', '/') if relative_path not in roleinfo['paths']: logger.debug('Adding new target: ' + repr(relative_path)) @@ -1996,7 +1996,8 @@ def add_targets(self, list_of_targets): filepath = os.path.join(self._targets_directory, target) if os.path.isfile(filepath): - relative_list_of_targets.append(filepath[targets_directory_length+1:]) + relative_list_of_targets.append( + filepath[targets_directory_length + 1:].replace('\\', '/')) else: raise securesystemslib.exceptions.Error(repr(filepath) + ' is not'