Commit graph

1220 commits

Author SHA1 Message Date
Jussi Kukkonen
4efd9496dc ngclient: Make DownloadErrors consistent
Fetcher interface should only raise DownloadErrors,
regardless of the implementation.
 * Make sure fetch() wraps non-DownloadError errors in a DownloadError
 * Make the abstract function private _fetch()
 * Try to be more consistent in doscstrings

This now makes the example client more sensible (when server does not
respond):
    $ ./client_example.py download qwerty
    ...
    Failed to download target qwerty: Failed to download url http://127.0.0.1:8000/metadata/2.root.json

(here the latter part of the error string comes from DownloadError
raised by FetcherInterface.fetch())

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-02-04 11:03:12 +02:00
lukpueh
215073e250
Merge pull request #1766 from jku/tests-sim-add-key-rotation
tests: Refactor key rotation in simulator
2022-02-03 13:29:23 +01:00
Martin Vrachev
9533c3f974 Metadata API: add exception tests
Add missing tests testing raising documented
exceptions for "Metadata.sign()",
"Metadata.to_file()" and "Metadata.from_file()".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-27 17:34:00 +02:00
Martin Vrachev
0666520e62 Fix type annotation in test_api
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-27 17:05:57 +02:00
lukpueh
c6dab7e459
Merge pull request #1774 from jku/allow-compressed-metadata-in-flight
Allow compressed metadata in flight
2022-01-25 14:24:13 +01:00
Jussi Kukkonen
b8759a9937 ngclient: allow compression in HTTP responses
This commit tries to deal with two interests:
* metadata is highly repetitive and compressible: allowing compression
  would be good
* there may be broken web servers (see
  404838abcc/src/pip/_internal/download.py (L842))
  that have problems with compression on already compressed target files

We can make things better for that first interest while we have no real
data for the second interest -- our current workarounds to avoid
compression are based on hearsay, not testing.

Now that individual fetchers are possible I suggest we simplify
ngclient and allow compression. As an example the pip Fetcher
could still use the pip response chunking code with all their
workarounds -- pip certainly has better capability to maintain
a mountain of workarounds and also has endless amounts of real-world
testing compared to python-tuf.

Details:
* Stop modifying Accept-Encoding (Requests default includes gzip)
* Don't use response.raw in RequestsFetcher as there is no need:
  This was a workaround for false "Content-encoding: gzip" inserted by
  a broken server -- and the workaround was only possible because we
  knew we never asked for compression
* Fix issue in test_session_get_timeout(): it's not mocking the error
  that requests really raises in this case

Fixes #1251

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-25 15:03:35 +02:00
Lukas Puehringer
3ed21abf2d test: stop using unittest_toolbox in new tests
Update new test modules to stop using unittest_toolbox, in
preparation for its removal in #1790.

The tools provided by unittest_toolbox can easily (in a more
obvious way) be replaced by using the standard library modules
`tempfile` and `random` (no more used) directly.

In the case of tempdir and -file creation/removal, skipping the use
of unittest_toolbox, which does this by default, also uncovers some
test cleanup failures, which would occur when temporary test
directories were removed while a test server hadn't released them.
(see `except OSError: pass` in unittest_toolbox's `tearDown`
method)

**Change details**

**test_fetcher_ng.py:**
- Stop implicitly creating (setUp) and removing (tearDown) tmp test
dirs.  -Move now manual creation of an exemplary targets file to
setUpClass, as the same file is used by all tests. And remove it
explicitly in tearDownClass after killing the server (see note
about failure above).  - Trigger URL parsing error with a hardcoded
invalid URL string instead of a random string.

**test_updater_ng.py**
- Stop implicitly creating (setUp) and removing (tearDown) tmp test
dirs.
- Explicitly create tmp test dirs in setUp, but don't remove
them in tearDown to avoid above mentioned failures. They will be
removed all at once when removing the tmp root test dir in
tearDownClass

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-24 13:54:13 +01:00
Lukas Puehringer
7da6a38335 test: define TESTS_DIR constant
Define TESTS_DIR constant in tests/util.py as full path to the
parent directory of the util module. This may be used to reliably
read other files in tests dir, such es "repository_data" or
"simple_server", regardless of cwd.

This commit also replaces a couple of `getcwd() + "filename"` with
`TESTS_DIR + filename`, so that in the future (post #1790) we
should be able to invoke the tests from anywhere, not only from
within the tests directory as is now the case.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-24 13:54:07 +01:00
Jussi Kukkonen
c6b70cf8dc tests: Remove unused options from simple_server
We never call simple_server with arguments so this is dead code.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-21 11:31:09 +02:00
lukpueh
b2704a56a8
Merge pull request #1783 from MVrachev/drop-python3.6
Drop python3.6 and remove the usage of OrderedDict
2022-01-20 14:46:52 +01:00
Martin Vrachev
e3b267e2e0 Remove OrderedDict in favor of python3.7+ dict
After we drop support for python3.6 we can relly that dictionaries
preserve the insertion order:
https://docs.python.org/3.7/whatsnew/3.7.html

This means we can replace the usage of OrderedDict with a standard
dictionaries.

Something we have to keep in mind is that even thought the insertion
order is preserved the equality comparison for normal dicts is
insensitive for normal dicts compared to OrderedDict

For example:
>>> OrderedDict([(1,1), (2,2)]) == OrderedDict([(2,2), (1,1)])
False
>>> dict([(1,1), (2,2)]) == dict([(2,2), (1,1)])
True

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 18:19:56 +02:00
Martin Vrachev
15ee1d8457 Make LengthOrHashMismatchError a RepositoryError
LengthOrHashMismatchError is a thrown when there are problems with
metadata verification or problems from the repository side when looking
it from the user's perspective.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
32a4545f0b Replace UnsupportedAlgorithmError with ValueError
UnsupportedAlgorithmError is a detailed securesystemslib exception
and there is no need for TUF to redefine it.
Moreover which hash "algorithms" are allowed is work for
securesystemslib not for TUF.

It's only used once inside "Targetfile.from_data()" and there it's used
to denote that there is a problem with the given argument.
That's why this error can be just replaced with "ValueError".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
0cbe2a2034 Remove ReplayedMetadataError
ReplayedMetadataError is a subset of
BadVersionNumberError and in a discussion with
Jussi we realized that ReplayedMetadataError can
be replaced by BadVersionNumberError with a
good message.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
8415d38ad6 Remove URLParsingError
URLParsingError is a specific download error and
is not clear what benefit it provides.
It's used only once in the new code and the
message says everything you need to know about
the exception.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Martin Vrachev
4b61be9cf7 Add tuf/api/exceptions.py
Add tuf/api/exceptions.py for exceptions in the new code.
I copied the exceptions from tuf/exceptions.py with a few important
decisions:
1. I only added the exceptions that are used in the new code
2. I removed the general "Error" class as we can directly inherit
Exceptions
3. I tried grouping the exceptions by relevance
4. I removed the second argument "UnsignedMetadataError" as it's only
kept for backward compatibility and is not used
5. I tried following the new code style guidelines and linted the file
with our linters.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-19 16:52:19 +02:00
Kairo de Araujo
480ab2d05d Fix typo on fast forward test functions
Fix typo on fast forward test functions name.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-17 18:00:05 +01:00
Kairo de Araujo
aa6d28fbc3 explicit encode role names
This commit explicitly encodes role names. Mostly this encoding is already
happening in ``requests`` for what is not a URL.
The "/" in a role name will now be encoded.

Also, a slight change in the RepositorySimulator will align with the tests.

This commit partially covers issue #1634

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-17 12:12:43 +01:00
Jussi Kukkonen
a38bf7c387 tests: Refactor key rotation in simulator
Add a method to rotate roles keys into RepositorySimulator (only
top-level roles are supported for now). Rotation is used in four
places already and this refactoring makes the tests easier to
understand.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-12 09:34:36 +02:00
Martin Vrachev
6f91da61ad ngclient: clean temp file if write fails
When calling updater._persist_metadata() there is a possibility that
writing the temporary file to storage can succeed, but moving it with
os.replace could fail with OSError.
Make sure we are removing the newly created temporary file in that case.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-11 13:43:11 +02:00
Jussi Kukkonen
5809ec51e9
Merge pull request #1754 from jku/role-keyids-order-fix
Metadata API: Make Role.keyids ordered
2022-01-11 13:00:44 +02:00
Lukas Puehringer
8620f389a8 Metadata API: Remove Signed.bump_version() method
Remove `bump_version()` method, which is just an alias for "+= 1"
on the version attribute. For a slim low-level API it seems okay to
just directly access/modify the attribute.

The extra level of abstraction of "bumping a version" is more
appropriate for a repository library (see #1136).

This patch also removes a related unit test and updates another one
to directly do `(...).version +=`.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2022-01-11 10:56:41 +01:00
Martin Vrachev
b47ef92833 Fix pylint warnings
New pylint warnings appeared related to changes
in urlib3:
- tests/test_fetcher_ng.py:128: error: Argument 1 to "ReadTimeoutError"
has incompatible type "None"; expected "ConnectionPool"  [arg-type]
- tests/test_fetcher_ng.py:128: error: Argument 2 to "ReadTimeoutError"
has incompatible type "None"; expected "str"  [arg-type]
I noticed these error in this CI run:
https://github.com/theupdateframework/python-tuf/runs/4764931441?check_suite_focus=true

I fixed them by creating a urllib3.HTTPConnectionPool() instance as
the first argument and replaced the second argument with an empty
string.
This seems to do the job.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2022-01-10 19:56:29 +02:00
Ivana Atanasova
d27c0fd585 Test loading of cached metadata in ngclient
After making a successful update of valid metadata which stores it
in cache and performing a second update with a new updater while
the metadata is already stored in cache, this test verifies that
timestamp, snaphot and targets are loaded from cache and not
downloaded

Fixes #1681

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
2022-01-07 16:02:55 +02:00
Jussi Kukkonen
3d4df876c2
Merge pull request #1741 from sechkova/remove-updater-with-sim
Remove test_updater_with_simulator.py
2022-01-07 12:54:43 +02:00
Jussi Kukkonen
d8591e78a9
Merge pull request #1742 from kairoaraujo/issue#1713/test_fast-forward_recovery_targets
test targets fast-forward attack recovery
2022-01-07 11:23:40 +02:00
Jussi Kukkonen
b12a67c047
Merge pull request #1738 from kairoaraujo/issue#1713/test_fast-forward_recovery_snapshot
test snapshot fast-forward attack recovery
2022-01-07 10:43:55 +02:00
Jussi Kukkonen
80d3fcf56b Metadata API: Make Role.keyids ordered
keyids are ordered in the data we deserialize: Not preserving that order
breaks canonicalization. Set does not preserve order.

Change Role.keyids type from Set to List. This is strictly speaking
an API change but a minor one: keyids are supposed to be changed
via add_key()/remove_key().

Add tests for this for both Role and DelegatedRole. Shorten a related
exception message.

Fix #1752

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2022-01-05 14:28:17 +02:00
Joshua Lock
537a0198b4
Merge pull request #1743 from lukpueh/rm-metadata-api-bump_expiration
Metadata API: Remove Signed.bump_expiration() method
2022-01-05 12:08:24 +00:00
Kairo de Araujo
5b4a47a067 test targets fast-forward attack recovery
This test simulates the targets fast-forward attack recovery.
It simulates that the targets keys were compromised, the attacker
generated a new high version of the targets.

The repository generates new key for snapshot to rollback the
targets version to the initial version.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-01-04 15:14:16 +01:00
Teodora Sechkova
672df74ce8
Remove test_updater_with_simulator.py
Move the remaining
test_snapshot_rollback_with_local_snapshot_hash_mismatch
to test_updater_top_level_update.py and remove the file.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-22 13:23:36 +02:00
Teodora Sechkova
aadc6fdc70
Remove test_keys_and_signatures
Key rotations and metadata update are now extesively tested in:
- test_updater_key_rotations.py
- test_updater_top_level_update.py

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-22 13:23:35 +02:00
Teodora Sechkova
1cfa249dea
Move test_not_loading_targets_twice
Move test_not_loading_targets_twice to
test_updater_top_level_update.py.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-22 13:23:35 +02:00
Teodora Sechkova
21ad93779f
Move test_fishy_rolenames
Move test_fishy_rolenames to test_updater_delegation_graphs.py
and update the test setup.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-22 13:23:33 +02:00
Teodora Sechkova
82a68a6f95
Remove TestUpdater.test_reftesh
Remove TestUpdater.test_refresh from test_updater_with_simulator.
Testing refresh() is now extensively covered in the newly added
test_updater_top_level_update.py.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-22 13:21:58 +02:00
Teodora Sechkova
e752193088
Merge pull request #1728 from sechkova/test-fetch-target
ngtests: Test fetch target
2021-12-22 13:10:31 +02:00
Teodora Sechkova
ed15d111aa
Merge pull request #1711 from sechkova/test-targetfile-search
Extend delegations tests
2021-12-22 13:00:07 +02:00
Lukas Puehringer
9f2c593813 Metadata API: Remove Signed.bump_expiration()
Remove `bump_expiration()` method, which is unlikely to be used as
is, i.e.  bump to "current expiration date plus delta". A more
realistic use case is to bump to "now plus delta" (see #1727 for
details).

Moreover, bump_expiration can either way easily be replaced by a
one-liner expression using the 'datetime' module. A corresponding
code snippet is added to the `expires` property's docstring.  Note:
`expires` became a property with a millisec-removing setter (for
spec conformance) in  #1712, which further reduces the need for a
convenience bump_expiration method.

This patch also removes a related unit test and updates another
one.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-12-22 11:40:36 +01:00
Kairo de Araujo
ac7a804525 remove roles names as str, snapshot order
This commit removes the role names as strings. Also do a slight
change for clarity.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2021-12-21 14:35:33 +01:00
Teodora Sechkova
d1bc20111c
Define a TestTarget dataclass
Use a dataclass for a better representation of
the target files in the test data set.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-21 13:25:51 +02:00
Teodora Sechkova
adcaf583ef
Add test_invalid_target*
Add test cases covering downloading and loading from cache
targets with non-matching hash and length.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-21 12:57:27 +02:00
Teodora Sechkova
e513460be4
Rename and simplify test_targets
Remove parts of the test case which are covered in other
tests, this way making its purpose clearer.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-21 12:57:26 +02:00
Teodora Sechkova
7af7836537
Add tests/test_updater_fetch_target.py
Add a new test file and class for testing target files
fetching.
Move test_targets from test_updater_with_simulator.py to
tests/test_updater_fetch_targets.py.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-21 12:57:26 +02:00
Teodora Sechkova
36eaffaa64
Add TestTargetCase dataclass
Use a dataclass for a better visual representation of
the test case data set.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-21 12:12:08 +02:00
lukpueh
cc2326d3ca
Merge pull request #1736 from lukpueh/rm-metadata-api-update
Metadata API: Remove 3 'update' methods + tests
2021-12-21 10:52:32 +01:00
lukpueh
1f3654fb97
Merge pull request #1712 from ivanayov/no_microseconds_in_api_for_signed_expires
Remove microseconds from metadata API Signed.expires
2021-12-21 10:14:42 +01:00
Lukas Puehringer
f22f357934 Metadata API: Remove 3 'update' methods + tests
Remove ambiguous, unspecific, opinionated and trivial 'update'
methods, which can be replaced by feasible one-liners that assign
values directly to the object attribute to be *updated*. (see #1627
for details).

Reasons to have these methods would be increased usability in terms of
- reduced work
- immediate feedback on invalid assignments

However, given above described issues, the reasons against the
methods as they are now seem to outweigh the reasons for them.
Furthermore, it seems easier to re-add similar methods, which
addressed these issues, after the upcoming 1.0.0 release than to
remove or modify them.

This patch also removes the corresponding tests as they become
irrelevant (there is no need to test object assignment).  In the
case of the timestamp test, the removal also includes redundant
test logic, which is already tested in `test_metadata_base`.

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2021-12-21 09:48:31 +01:00
Kairo de Araujo
8a8fff303a test snapshot fast-forward attack recovery
This test simulates the snapshot fast-forward attack recovery.
It simulates that the snapshot keys were compromised, the attacker
generated a new high version of the snapshot.

The repository generates new keys for snapshot and timestamp and
rollbacks the snapshot version to the initial version.

Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2021-12-21 09:13:02 +01:00
Teodora Sechkova
d10c8e980d
Use raw string in TestTargetFileSearch docstirng
Using a raw string allows the use of backslashes
in the docstring comment whithout them being interpreted
as an escape character.

It also silences pylint W1401: anomalous-backslash-in-string.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-20 19:04:09 +02:00
Teodora Sechkova
7eea3f908b
Add tests for invalid delegated role metadata
Extend TestDelegationsGraphs with a test case for
unsigned metadata.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-12-20 19:04:09 +02:00