From b5263e4322da49f42fb803d547c1937b5836c550 Mon Sep 17 00:00:00 2001 From: dachshund Date: Fri, 13 Sep 2013 17:39:57 -0400 Subject: [PATCH] Fix variable shadow bug, use absolute import in two integration tests. --- tests/integration/test_endless_data_attack.py | 157 +++++++++--------- .../integration/test_slow_retrieval_attack.py | 6 +- 2 files changed, 80 insertions(+), 83 deletions(-) diff --git a/tests/integration/test_endless_data_attack.py b/tests/integration/test_endless_data_attack.py index 3f1e0ac8..b5d9c958 100755 --- a/tests/integration/test_endless_data_attack.py +++ b/tests/integration/test_endless_data_attack.py @@ -37,7 +37,7 @@ import urllib import tuf -import tuf.interposition.urllib_tuf as urllib_tuf +import tuf.interposition import tuf.tests.util_test_tools as util_test_tools @@ -49,13 +49,13 @@ class EndlessDataAttack(Exception): def _download(url, filename, TUF=False): if TUF: - urllib_tuf.urlretrieve(url, filename) + tuf.interposition.urllib_tuf.urlretrieve(url, filename) else: urllib.urlretrieve(url, filename) -def test_arbitrary_package_attack(TUF=False, TIMESTAMP=False): +def test_endless_data_attack(TUF=False, TIMESTAMP=False): """ TUF: @@ -69,105 +69,102 @@ def test_arbitrary_package_attack(TUF=False, TIMESTAMP=False): ERROR_MSG = 'Endless Data Attack was Successful!\n' + # Setup. + root_repo, url, server_proc, keyids = util_test_tools.init_repo(using_tuf=TUF) + reg_repo = os.path.join(root_repo, 'reg_repo') + tuf_repo = os.path.join(root_repo, 'tuf_repo') + downloads = os.path.join(root_repo, 'downloads') + tuf_targets = os.path.join(tuf_repo, 'targets') - try: - # Setup. - root_repo, url, server_proc, keyids = util_test_tools.init_repo(tuf=TUF) - reg_repo = os.path.join(root_repo, 'reg_repo') - tuf_repo = os.path.join(root_repo, 'tuf_repo') - downloads = os.path.join(root_repo, 'downloads') - tuf_targets = os.path.join(tuf_repo, 'targets') + # Original data. + INTENDED_DATA = 'Test A' - # Original data. - INTENDED_DATA = 'Test A' - - # Add a file to 'repo' directory: {root_repo} - filepath = util_test_tools.add_file_to_repository(reg_repo, INTENDED_DATA) - file_basename = os.path.basename(filepath) - url_to_repo = url+'reg_repo/'+file_basename - downloaded_file = os.path.join(downloads, file_basename) - # We do not deliver truly endless data, but we will extend the original - # file by many bytes. - noisy_data = 'X'*100000 + # Add a file to 'repo' directory: {root_repo} + filepath = util_test_tools.add_file_to_repository(reg_repo, INTENDED_DATA) + file_basename = os.path.basename(filepath) + url_to_repo = url+'reg_repo/'+file_basename + downloaded_file = os.path.join(downloads, file_basename) + # We do not deliver truly endless data, but we will extend the original + # file by many bytes. + noisy_data = 'X'*100000 - if TUF: - # Update TUF metadata before attacker modifies anything. - util_test_tools.tuf_refresh_repo(root_repo, keyids) - # Modify the url. Remember that the interposition will intercept - # urls that have 'localhost:9999' hostname, which was specified in - # the json interposition configuration file. Look for 'hostname' - # in 'util_test_tools.py'. Further, the 'file_basename' is the target - # path relative to 'targets_dir'. - url_to_repo = 'http://localhost:9999/'+file_basename + if TUF: + # Update TUF metadata before attacker modifies anything. + util_test_tools.tuf_refresh_repo(root_repo, keyids) + # Modify the url. Remember that the interposition will intercept + # urls that have 'localhost:9999' hostname, which was specified in + # the json interposition configuration file. Look for 'hostname' + # in 'util_test_tools.py'. Further, the 'file_basename' is the target + # path relative to 'targets_dir'. + url_to_repo = 'http://localhost:9999/'+file_basename - # Attacker modifies the file at the targets repository. - target = os.path.join(tuf_targets, file_basename) - original_data = util_test_tools.read_file_content(target) - larger_original_data = original_data + noisy_data - util_test_tools.modify_file_at_repository(target, larger_original_data) - - # Attacker modifies the timestamp.txt metadata. - if TIMESTAMP: - metadata = os.path.join(tuf_repo, 'metadata') - timestamp = os.path.join(metadata, 'timestamp.txt') - original_data = util_test_tools.read_file_content(timestamp) - larger_original_data = original_data + noisy_data - util_test_tools.modify_file_at_repository(timestamp, - larger_original_data) - - # Attacker modifies the file at the regular repository. - original_data = util_test_tools.read_file_content(filepath) + # Attacker modifies the file at the targets repository. + target = os.path.join(tuf_targets, file_basename) + original_data = util_test_tools.read_file_content(target) larger_original_data = original_data + noisy_data - util_test_tools.modify_file_at_repository(filepath, larger_original_data) + util_test_tools.modify_file_at_repository(target, larger_original_data) - # End Setup. + # Attacker modifies the timestamp.txt metadata. + if TIMESTAMP: + metadata = os.path.join(tuf_repo, 'metadata') + timestamp = os.path.join(metadata, 'timestamp.txt') + original_data = util_test_tools.read_file_content(timestamp) + larger_original_data = original_data + noisy_data + util_test_tools.modify_file_at_repository(timestamp, + larger_original_data) + + # Attacker modifies the file at the regular repository. + original_data = util_test_tools.read_file_content(filepath) + larger_original_data = original_data + noisy_data + util_test_tools.modify_file_at_repository(filepath, larger_original_data) + + # End Setup. - # Client downloads (tries to download) the file. - try: - _download(url=url_to_repo, filename=downloaded_file, TUF=TUF) - except Exception, exception: - # Because we are extending the true timestamp TUF metadata with invalid - # JSON, we except to catch an error about invalid metadata JSON. - if TUF and TIMESTAMP: - endless_data_attack = False + # Client downloads (tries to download) the file. + try: + _download(url=url_to_repo, filename=downloaded_file, TUF=TUF) + except Exception, exception: + # Because we are extending the true timestamp TUF metadata with invalid + # JSON, we except to catch an error about invalid metadata JSON. + if TUF and TIMESTAMP: + endless_data_attack = False - for mirror_url, mirror_error in exception.mirror_errors.iteritems(): - if isinstance(mirror_error, tuf.InvalidMetadataJSONError): - endless_data_attack = True - break + for mirror_url, mirror_error in exception.mirror_errors.iteritems(): + if isinstance(mirror_error, tuf.InvalidMetadataJSONError): + endless_data_attack = True + break - # In case we did not detect what was likely an endless data attack, we - # reraise the exception to indicate that endless data attack detection - # failed. - if not endless_data_attack: raise - else: raise + # In case we did not detect what was likely an endless data attack, we + # reraise the exception to indicate that endless data attack detection + # failed. + if not endless_data_attack: raise + else: raise - # When we test downloading "endless" timestamp with TUF, we want to skip - # the following test because downloading the timestamp should have failed. - if not (TUF and TIMESTAMP): - # Check whether the attack succeeded by inspecting the content of the - # update. The update should contain 'Test A'. Technically it suffices - # to check whether the file was downloaded or not. - downloaded_content = util_test_tools.read_file_content(downloaded_file) - if downloaded_content != INTENDED_DATA: - raise EndlessDataAttack(ERROR_MSG) + # When we test downloading "endless" timestamp with TUF, we want to skip + # the following test because downloading the timestamp should have failed. + if not (TUF and TIMESTAMP): + # Check whether the attack succeeded by inspecting the content of the + # update. The update should contain 'Test A'. Technically it suffices + # to check whether the file was downloaded or not. + downloaded_content = util_test_tools.read_file_content(downloaded_file) + if downloaded_content != INTENDED_DATA: + raise EndlessDataAttack(ERROR_MSG) - finally: - util_test_tools.cleanup(root_repo, server_proc) + util_test_tools.cleanup(root_repo, server_proc) try: - test_arbitrary_package_attack(TUF=False, TIMESTAMP=False) + test_endless_data_attack(TUF=False, TIMESTAMP=False) except EndlessDataAttack, error: print('Endless data attack worked on download without TUF!') try: - test_arbitrary_package_attack(TUF=True, TIMESTAMP=False) + test_endless_data_attack(TUF=True, TIMESTAMP=False) except EndlessDataAttack, error: print('Endless data attack worked on download without TUF!') print(str(error)) @@ -177,7 +174,7 @@ def test_arbitrary_package_attack(TUF=False, TIMESTAMP=False): try: # This test fails because the timestamp metadata has been extended with # random data from its true length, thereby resulting in invalid JSON. - test_arbitrary_package_attack(TUF=True, TIMESTAMP=True) + test_endless_data_attack(TUF=True, TIMESTAMP=True) except EndlessDataAttack, error: print('Endless data attack worked on download without TUF!') print(str(error)) diff --git a/tests/integration/test_slow_retrieval_attack.py b/tests/integration/test_slow_retrieval_attack.py index 9d515be2..36870499 100755 --- a/tests/integration/test_slow_retrieval_attack.py +++ b/tests/integration/test_slow_retrieval_attack.py @@ -49,7 +49,7 @@ import urllib -import tuf.interposition.urllib_tuf as urllib_tuf +import tuf.interposition import tuf.tests.util_test_tools as util_test_tools @@ -60,7 +60,7 @@ class SlowRetrievalAttackAlert(Exception): def _download(url, filename, TUF=False): if TUF: try: - urllib_tuf.urlretrieve(url, filename) + tuf.interposition.urllib_tuf.urlretrieve(url, filename) except tuf.NoWorkingMirrorError, exception: slow_retrieval = False for mirror_url, mirror_error in exception.mirror_errors.iteritems(): @@ -97,7 +97,7 @@ def test_slow_retrieval_attack(TUF=False, mode=None): try: # Setup. root_repo, url, server_proc, keyids = \ - util_test_tools.init_repo(tuf=TUF, port=port) + util_test_tools.init_repo(using_tuf=TUF, port=port) reg_repo = os.path.join(root_repo, 'reg_repo') downloads = os.path.join(root_repo, 'downloads')