From a3fbb50b2a5afcd4b72a5ff353a82f9a4463dcf6 Mon Sep 17 00:00:00 2001 From: zanefisher Date: Thu, 12 Sep 2013 14:53:57 -0400 Subject: [PATCH] Update extraneous dependecies test to expect the new NoWorkingMirrorError. --- .../test_extraneous_dependencies_attack.py | 61 ++++++++++++------- 1 file changed, 40 insertions(+), 21 deletions(-) diff --git a/tests/integration/test_extraneous_dependencies_attack.py b/tests/integration/test_extraneous_dependencies_attack.py index 2813bdfd..2b7799f7 100755 --- a/tests/integration/test_extraneous_dependencies_attack.py +++ b/tests/integration/test_extraneous_dependencies_attack.py @@ -43,7 +43,7 @@ import tempfile import tuf -import tuf.interposition.urllib_tuf as urllib_tuf +from tuf.interposition import urllib_tuf import tuf.tests.util_test_tools as util_test_tools @@ -52,8 +52,8 @@ class ExtraneousDependencyAlert(Exception): -# Interpret the contents of the file it downloads as a list of dependent -# files from the same repository. +# Interpret anything following 'requires:' in the contents of the file it +# downloads as a comma-separated list of dependent files from the same repository. def _download(url, filename, directory, TUF=False): destination = os.path.join(directory, filename) if TUF: @@ -61,8 +61,11 @@ def _download(url, filename, directory, TUF=False): else: urllib.urlretrieve(url, destination) - if util_test_tools.read_file_content(destination) != '': - required_files = util_test_tools.read_file_content(destination).split(',') + file_contents = util_test_tools.read_file_content(destination) + + # Parse the list of required files (if it exists) and download them. + if file_contents.find('requires:') != -1: + required_files = file_contents[file_contents.find('requires:') + 9:].split(',') for required_filename in required_files: required_file_url = os.path.dirname(url)+os.sep+required_filename _download(required_file_url, required_filename, directory, TUF) @@ -81,7 +84,7 @@ def test_extraneous_dependency_attack(TUF=False): """ - ERROR_MSG = 'Extraneous Dependency Attack was Successful!\n' + ERROR_MSG = 'Extraneous Dependency Attack was Successful!' try: @@ -93,20 +96,27 @@ def test_extraneous_dependency_attack(TUF=False): targets_dir = os.path.join(tuf_repo, 'targets') # Add files to 'repo' directory: {root_repo}. - good_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo, '') + good_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo, + 'the file you need') good_dependency_basename = os.path.basename(good_dependency_filepath) - bad_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo, '') + bad_dependency_filepath = util_test_tools.add_file_to_repository(reg_repo, + 'the file you don\'t need') bad_dependency_basename = os.path.basename(bad_dependency_filepath) # The dependent file lists the good dependency. dependent_filepath = util_test_tools.add_file_to_repository(reg_repo, - good_dependency_basename) + 'requires:'+good_dependency_basename) dependent_basename = os.path.basename(dependent_filepath) url_to_repo = url+'reg_repo/'+dependent_basename - modified_dependency_list = good_dependency_basename+','+\ - bad_dependency_basename + + # List the bad dependency first. If an attacker modifies a target by + # simply appending the file contents, tuf.download will ignore the appended + # data, downloading only as much data as the TUF metadata says the target + # should contain. + modified_dependency_list = bad_dependency_basename+','+\ + good_dependency_basename if TUF: # Update TUF metadata before attacker modifies anything. @@ -122,11 +132,11 @@ def test_extraneous_dependency_attack(TUF=False): # Attacker adds the dependency in the targets repository. target = os.path.join(targets_dir, dependent_basename) util_test_tools.modify_file_at_repository(target, - modified_dependency_list) + 'requires:'+modified_dependency_list) # Attacker adds the dependency in the regular repository. util_test_tools.modify_file_at_repository(dependent_filepath, - modified_dependency_list) + 'requires:'+modified_dependency_list) # End of Setup. @@ -136,11 +146,14 @@ def test_extraneous_dependency_attack(TUF=False): _download(url=url_to_repo, filename=dependent_basename, directory=downloads, TUF=TUF) - except tuf.DownloadError: - # If tuf.DownloadError is raised, this means that TUF has prevented - # the download of an unrecognized file. Enable the logging to see, - # what actually happened. - pass + except tuf.NoWorkingMirrorError, error: + # We only set up one mirror, so if it fails, we expect a + # NoWorkingMirrorError. If TUF has worked as intended, the mirror error + # contained within should be a BadHashError. + mirror_error = \ + error.mirror_errors[url+'tuf_repo/targets/'+dependent_basename] + + assert isinstance(mirror_error, tuf.BadHashError) else: # Check if the legitimate dependency was downloaded. @@ -152,7 +165,8 @@ def test_extraneous_dependency_attack(TUF=False): raise ExtraneousDependencyAlert(ERROR_MSG) finally: - util_test_tools.cleanup(root_repo, server_proc) + pass + # util_test_tools.cleanup(root_repo, server_proc) @@ -162,12 +176,17 @@ def test_extraneous_dependency_attack(TUF=False): except ExtraneousDependencyAlert, error: print error +else: + print 'Extraneous dependency attack failed.' - -print 'Attempting extraneous dependency attack with TUF:' +print '\nAttempting extraneous dependency attack with TUF:' try: test_extraneous_dependency_attack(TUF=True) except ExtraneousDependencyAlert, error: print error +else: + print 'Extraneous dependency attack failed.' + +print ''