Update extraneous dependecies test to expect the new NoWorkingMirrorError.

tests/integration/test_extraneous_dependencies_attack.py

@@ -43,7 +43,7 @@
 import tempfile
 
 import tuf
-import tuf.interposition.urllib_tuf as urllib_tuf
+from tuf.interposition import urllib_tuf
 import tuf.tests.util_test_tools as util_test_tools
 
 
@@ -52,8 +52,8 @@ class ExtraneousDependencyAlert(Exception):
 
 
 
-# Interpret the contents of the file it downloads as a list of dependent
-# files from the same repository.
+# Interpret anything following 'requires:' in the contents of the file it
+# downloads as a comma-separated list of dependent files from the same repository.
 def _download(url, filename, directory, TUF=False):
   destination = os.path.join(directory, filename)
   if TUF:
@@ -61,8 +61,11 @@ def _download(url, filename, directory, TUF=False):
   else:
     urllib.urlretrieve(url, destination)
 
-  if util_test_tools.read_file_content(destination) != '':
-    required_files = util_test_tools.read_file_content(destination).split(',')
+  file_contents = util_test_tools.read_file_content(destination)
+
+  # Parse the list of required files (if it exists) and download them.
+  if file_contents.find('requires:') != -1:
+    required_files = file_contents[file_contents.find('requires:') + 9:].split(',')
     for required_filename in required_files:
       required_file_url = os.path.dirname(url)+os.sep+required_filename
       _download(required_file_url, required_filename, directory, TUF)
@@ -81,7 +84,7 @@ def test_extraneous_dependency_attack(TUF=False):
 
   """
 
-  ERROR_MSG = 'Extraneous Dependency Attack was Successful!\n'
+  ERROR_MSG = 'Extraneous Dependency Attack was Successful!'
 
 
   try:
@@ -93,20 +96,27 @@ def test_extraneous_dependency_attack(TUF=False):
     targets_dir = os.path.join(tuf_repo, 'targets')
 
     # Add files to 'repo' directory: {root_repo}.
-    good_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo, '')
+    good_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo,
+                                          'the file you need')
     good_dependency_basename = os.path.basename(good_dependency_filepath)
 
-    bad_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo, '')
+    bad_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo,
+                                          'the file you don\'t need')
     bad_dependency_basename = os.path.basename(bad_dependency_filepath)
 
     # The dependent file lists the good dependency.
     dependent_filepath = util_test_tools.add_file_to_repository(reg_repo,
-                                                      good_dependency_basename)
+                                          'requires:'+good_dependency_basename)
     dependent_basename = os.path.basename(dependent_filepath)
 
     url_to_repo = url+'reg_repo/'+dependent_basename
-    modified_dependency_list = good_dependency_basename+','+\
-      bad_dependency_basename
+
+    # List the bad dependency first. If an attacker modifies a target by
+    # simply appending the file contents, tuf.download will ignore the appended
+    # data, downloading only as much data as the TUF metadata says the target
+    # should contain.
+    modified_dependency_list = bad_dependency_basename+','+\
+      good_dependency_basename
 
     if TUF:
       # Update TUF metadata before attacker modifies anything.
@@ -122,11 +132,11 @@ def test_extraneous_dependency_attack(TUF=False):
       # Attacker adds the dependency in the targets repository.
       target = os.path.join(targets_dir, dependent_basename)
       util_test_tools.modify_file_at_repository(target,
-                                                modified_dependency_list)
+                                        'requires:'+modified_dependency_list)
 
     # Attacker adds the dependency in the regular repository.
     util_test_tools.modify_file_at_repository(dependent_filepath,
-                                              modified_dependency_list)
+                                        'requires:'+modified_dependency_list)
 
     # End of Setup.
 
@@ -136,11 +146,14 @@ def test_extraneous_dependency_attack(TUF=False):
       _download(url=url_to_repo, filename=dependent_basename,
                 directory=downloads, TUF=TUF)
 
-    except tuf.DownloadError:
-      # If tuf.DownloadError is raised, this means that TUF has prevented
-      # the download of an unrecognized file.  Enable the logging to see,
-      # what actually happened.
-      pass
+    except tuf.NoWorkingMirrorError, error:
+      # We only set up one mirror, so if it fails, we expect a
+      # NoWorkingMirrorError. If TUF has worked as intended, the mirror error
+      # contained within should be a BadHashError.
+      mirror_error = \
+              error.mirror_errors[url+'tuf_repo/targets/'+dependent_basename]
+
+      assert isinstance(mirror_error, tuf.BadHashError)
 
     else:
       # Check if the legitimate dependency was downloaded.
@@ -152,7 +165,8 @@ def test_extraneous_dependency_attack(TUF=False):
         raise ExtraneousDependencyAlert(ERROR_MSG)
   
   finally:
-    util_test_tools.cleanup(root_repo, server_proc)
+    pass
+    # util_test_tools.cleanup(root_repo, server_proc)
 
 
 
@@ -162,12 +176,17 @@ def test_extraneous_dependency_attack(TUF=False):
   
 except ExtraneousDependencyAlert, error:
   print error
+else:
+  print 'Extraneous dependency attack failed.'
 
 
-
-print 'Attempting extraneous dependency attack with TUF:'
+print '\nAttempting extraneous dependency attack with TUF:'
 try:
   test_extraneous_dependency_attack(TUF=True)
 
 except ExtraneousDependencyAlert, error:
   print error
+else:
+  print 'Extraneous dependency attack failed.'
+
+print ''