Commit graph

6224 commits

Author SHA1 Message Date
Joshua Lock
8e9677d262
Merge pull request #1503 from joshuagl/joshuagl/readme-refactor
Add information about current project state/refactor to the README
2021-07-20 20:21:19 +01:00
Joshua Lock
089f01f5fa README: describe the current state of the project refactor
Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-07-20 12:48:52 +01:00
Joshua Lock
237c6b2836 README: update links to the specification
Link to the latest, rendered, version of the specification

Signed-off-by: Joshua Lock <jlock@vmware.com>
2021-07-20 12:48:21 +01:00
Jussi Kukkonen
c33096ef2b
Merge pull request #1500 from theupdateframework/dependabot/pip/charset-normalizer-2.0.3
build(deps): bump charset-normalizer from 2.0.2 to 2.0.3
2021-07-20 13:53:25 +03:00
dependabot[bot]
3443cfcf22
build(deps): bump charset-normalizer from 2.0.2 to 2.0.3
Bumps [charset-normalizer](https://github.com/ousret/charset_normalizer) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/ousret/charset_normalizer/releases)
- [Commits](https://github.com/ousret/charset_normalizer/compare/2.0.2...2.0.3)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-19 10:05:54 +00:00
Jussi Kukkonen
c37d21d05b ngclient: Add module documentation
* Added module docs and a simple example
* Experimented with sphinx linking for classes and methods
  (it's pretty ugly in source format)
* Small improvements in the methods docs

Fixes #1385

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-07-19 10:41:42 +03:00
Martin Vrachev
c7c9d0f321 TrustedMetadataSet testing: use Metadata.to_bytes
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-16 16:57:28 +03:00
Martin Vrachev
6a942889ff ngclient TrustedMetadataSet: improve unit testing
The current situation with the TrustedMetadataSet testing is that
we don't have a mnimimal amount of unit tests testing the different
branches in the various API functionality in the class.

This commit proposes simple unit tests covering almost all of the
branches in the API functions and increasing the unit test coverage
(as reported from the "coverage" tool) from 74 % to 97 %.

The code could be complicated at places, because the different
branches in the update_* functions depend on other metadata classes
as well.
Still, I hope we can find a way and simplify the code.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-16 16:57:23 +03:00
Martin Vrachev
726af73256 ng client metadata set: organize common test code
Move the shared code between tests into the "setupClass" function.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-16 15:49:00 +03:00
Jussi Kukkonen
69dca08b9a
Merge pull request #1490 from MVrachev/metadata-to-bytes
Metadata API: add Metadata.to_bytes()
2021-07-16 15:14:52 +03:00
Jussi Kukkonen
e6813e4e91
Merge pull request #1495 from avelichka/develop
Use %-style formatting in logging
2021-07-16 15:14:32 +03:00
Joshua Lock
267ce830a3
Merge pull request #1496 from jku/update-deps
Update pinned dependencies
2021-07-16 11:53:38 +01:00
Martin Vrachev
4f37de1b53 Metadata API: add Metadata.to_bytes()
Metadata.to_bytes() is missing from the API and that is now becoming
annoying when writing the tests.
I think it makes sense to add:
it'll complete the serializing counterparts to from_bytes()/from_file().

We can also reuse to_bytes() in to_file() and that way ensure we don't
import the JSONSerializer locally twice.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-15 15:38:14 +03:00
Jussi Kukkonen
110bd2dcf7 Update pinned dependencies
* Re-adds six: we don't use it but dependencies do
* Bumps [cffi](http://cffi.readthedocs.org) from 1.14.5 to 1.14.6.
* Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.26.0.
  - [Release notes](https://github.com/psf/requests/releases)
  - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md)
  - [Commits](https://github.com/psf/requests/compare/v2.25.1...v2.26.0)
* Replaces chardet 4.0.0 with charset-normalizer 2.0.2: This is a
  requests dependency change
* Bumps [idna](https://github.com/kjd/idna) from 2.10 to 3.2. This is
  now possible because requests now supports idna 3.x
  - [Release notes](https://github.com/kjd/idna/releases)
  - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
  - [Commits](https://github.com/kjd/idna/compare/v2.10...v3.2)

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-07-15 13:35:17 +03:00
Jussi Kukkonen
23e4f5cdcc
Merge pull request #1481 from MVrachev/fix-role-keyids-order
Metadata API: preserve Role.keyids order
2021-07-15 11:52:35 +03:00
Velichka Atanasova
db04c7132c Use %-style formatting in logging
Replacing the f-strings in logging with %-style formatted strings.

Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
2021-07-14 15:12:12 +03:00
Jussi Kukkonen
04bbc03b9f
Merge pull request #1493 from jku/updated-commands-python3
updated docs and comments
2021-07-14 12:32:28 +03:00
samuelgregorovic
112575d987 updated docs and comments
Updated/removed documented commands and comments which were referencing Python2. Also updated links to documentation referencing Python2 docs (unchanged where needed)

Signed-off-by: Samuel Gregorovic <samuelgregorovic@gmail.com>
Signed-off-by: samuelgregorovic <samuelgregorovic@gmail.com>
2021-07-14 10:37:08 +03:00
Jussi Kukkonen
f6df086847
Merge pull request #1448 from sechkova/review-download-code
Review download code
2021-07-14 10:24:23 +03:00
Joshua Lock
bd5912bcc7
Merge pull request #1436 from jku/verify-delegate
Metadata API: Implement threshold verification
2021-07-12 11:45:57 +01:00
Martin Vrachev
df9f3df75d Metadata API: preserve Role.keyids order
We made Role.keyids a set because the keyids are supposed
to be unique and this still makes sense.

However, the data should also preserve order
(when deserialized and serialized) and currently, it does not.
This is fairly serious since writing signed data potentially modifies
the data (making the signature invalid).

The simplest solution (as proposed by Teodora) is to sort the
set during serialization and that would ensure the order of the items.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-09 16:51:25 +03:00
Teodora Sechkova
0eff004af5
Replace required_length with max_length
Rename required_length argument in fetcher to
max_length to better match its purpose.
Docstring improvements.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-09 15:19:22 +03:00
Jussi Kukkonen
271d5b7810 Metadata API: verify_delegate: refactor
* Rename arguments so connection between the role name and the
  metadata is stronger.
* Also add a comment on the list comprehension + next() trick.
* Add return value annotation
* Raise early if delegations is None to make the flow more obvious
  (and modify test case so we have coverage for the new case)

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-07-08 20:16:42 +03:00
Joshua Lock
885fcacd0b
Merge pull request #1270 from lukpueh/adr0006
ADR0006: Where to implement model serialization
2021-07-08 09:06:03 +01:00
Teodora Sechkova
1596de2454
Move download.py functions to FetcherInterface
Make download_file and download_bytes functions part of
the FetcherInterface class. Remove download.py module.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:46:46 +03:00
Teodora Sechkova
16f42fc146
Add type annotations
Add missing type annotations in download.py, fetcher.py
and requests_fetcher.py
Update docstrings to match the new style.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:43:29 +03:00
Teodora Sechkova
9daccac7f8
Reduce logging in requests_fetcher
Remove repetitive debug logging.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:39:58 +03:00
Teodora Sechkova
35fb22c13a
Simplify RequestsFetcher.fetch()
Make the internal function chunks() a separate
private method of Reqests fetcher.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:39:58 +03:00
Teodora Sechkova
0b77eb90b8
Implement download_file as contextmanager
It allows us to remove the disable of pylint consider-using-with
warning and does not require any manual file closing.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:31:49 +03:00
Teodora Sechkova
8692663fbc
Reduce download logging
Remove logging when an exception is raised.
Reduce logging level to debug.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:31:49 +03:00
Teodora Sechkova
8c2229478f
Remove format checks
Remove format checking of download_file() parameters.
The function is internal and receives trusted input from
updater.py.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:31:49 +03:00
Teodora Sechkova
c4a9ec1141
Remove strict_required_length option
Remove the strict length check in download.py and
check only if an upper bowndary is exceeded.

Exact length is not known for some metadata files
during download. The check makes the code unnecessarily
complicated and is better suited for the later metadata
verification step.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:31:48 +03:00
Teodora Sechkova
d1250cc8a8
Remove average download speed check
The average download speed check does not achieve its
purpose of protecting against slow retrieval attacks.
Such protection is highly dependent on the networking
stack which could be user-provided and not under
tuf's control.
The slow retrieval attack protection has been removed
from the specification for similar reasons.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-07 17:31:45 +03:00
Jussi Kukkonen
24fa112811
Merge pull request #1460 from MVrachev/invalid-attributes-tests
Metadata API: test invalid input values for attributes
2021-07-07 16:21:08 +03:00
Martin Vrachev
1ba812581b ADR 8: change "Decision outcome"
After a discussion with Jussi, we realized that there are a couple of
places where we don't want to allow unrecognized fields because the
they are sensitive dictionaries and the specification requires an items
of certain types inside them.
The places where we don't want to allow unrecognized fields are
"keys", "roles", "meta", "hashes" or "targets".

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-07 15:37:36 +03:00
Martin Vrachev
9c8aa1da06 Test new API: serialization tests for invalid arg
A while ago we decided that it's best to research each of the individuals
attributes one by one and identify what level of validation it needs
compared to how we use it:
https://github.com/theupdateframework/tuf/pull/1366#issuecomment-829288790.

This work is ongoing and there are a couple of commits already merged
for this:
- 6c5d970799
- f20664d2fc
- 41afb1e134

We want to be able to test the attributes validation against known bad
values.
The way we want to do that is with table testing we have added
using decorators for our metadata classes defined in New API:
https://github.com/theupdateframework/tuf/pull/1416.
This gives us an easy way to add new cases for each of the attributes and
not depend on external files.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-07 13:59:28 +03:00
Martin Vrachev
452aad8d00 Metadata API: fix Key validation exception
In pr https://github.com/theupdateframework/tuf/pull/1449 we introduced
Key validation and there decided to raise "ValueError" if one of
keyid, scheme, keyval or keytype is not a string.
That seems like a mistake given that in the python docs it's written:
"Passing arguments of the wrong type
(e.g. passing a list when an int is expected) should result
in a TypeError, but passing arguments with the wrong value
(e.g. a number outside expected boundaries) should result
in a ValueError."

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-07 13:59:28 +03:00
Jussi Kukkonen
a91a1abf97
Merge pull request #1466 from MVrachev/unrecognized_fields
Metadata API: Simplify unrecognized fields testing
2021-07-07 11:27:55 +03:00
Jussi Kukkonen
a71ec9dfed
Merge pull request #1467 from sechkova/use-api-hash-verification
ngclient: use MetaFile/TargetFile verification
2021-07-07 11:26:20 +03:00
Jussi Kukkonen
f8046d8e67
Merge pull request #1470 from sechkova/ngclient-settings
ngclient constants and configuration
2021-07-07 11:25:46 +03:00
Jussi Kukkonen
faeaf347e4
Merge pull request #1480 from MVrachev/fix-keyval-check
Metadata API: Fix keyval "public" requirement
2021-07-07 11:21:13 +03:00
Teodora Sechkova
37defa9982
Add RequestsFetcher settings as attributes
Stop using the settings module and add the RequestsFetcher
specific config as instance attributes.
Users of the requests-based fetcher implementation can
modify them after instantiating a RequestsFetcher
object if needed.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-06 19:40:54 +03:00
Teodora Sechkova
520b344775
Rename UpdaterConfig attributes
Since configuration constants are now part of a
config class, make them lower case. This also avoids
pylint's invalid-name error for class attributes.

Remove the 'default' prefix as they are now configurable
options.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-06 19:35:56 +03:00
Teodora Sechkova
1b28604a3e
Use TargetFile.verify_length_and_hashes in updated_targets
Remove the hash check and call TargetFile.verify_length_and_hashes
instead.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-06 14:07:07 +03:00
Teodora Sechkova
aeccb05afb
Use TargetFile.verify_length_and_hashes in download_target
Replace Updater._check_file_lenght and Updater._check_hashes_obj
with TargetFile.verify_length_and_hashes.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-06 14:05:57 +03:00
Martin Vrachev
88422de1fc Metadata API: Fix keyval "public" requirement
Currently, we require that the keyval attribute in the Key class
is a dictionary and has "public" as a key, otherwise, we throw
KeyError or ValueError.

This requirement is too strict given that in the spec for KEYVAL it's
only said that KEYVAL is:
"A dictionary containing the public portion of the key."
See: https://theupdateframework.github.io/specification/latest/index.html#keyval

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2021-07-05 19:07:28 +03:00
Teodora Sechkova
a50e76d815
Add client config module
Add a config module containing a dataclass
UpdaterConfig with all client settings.
Initialize updater with default settings
if no other condig is provided.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-05 18:35:32 +03:00
Teodora Sechkova
eafa32167b
Use MetaFile.verify_length_and_hashes in ngclient
Use MetaFile.verify_length_and_hashes during snapshot
and targets verification in TrustedMetadataSet.

Remove pylint: disable=too-many-branches.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
2021-07-05 17:57:29 +03:00
Jussi Kukkonen
48b58d9be9 Metadata API: Don't peek into Key internals
There was an attempt at ensuring key content uniqueness in
verify_delegate() by making sure the values corresponding to "public"
keys in Key.keyval dictionaries are unique. This had two issues:
 * it wasn't a security measure: it's not difficult to produce two
   different "public" values of the same key content
 * Spec does not actually guarantee the existence of "public" key in
   the keyval dictionary (the three keys included in the spec just all
   happen to have it)

Luckily the spec does require KEYIDs to be unique so we do not need to
do all this: Just count keyids of keys with verified signatures. Keep
building a Set of keyids as a belt-and-suspenders strategy: Role keyids
are currently guaranteed to be unique but we'd notice here if they
weren't.

Add a logger call for failed verifys: this might useful to figure out
which keys exactly are the issue when a delegate can not be verified.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-07-05 15:13:00 +03:00
Jussi Kukkonen
d00af4c101 tests: Improve verify_delegate() tests
Make sure verify_delegate() succeeds when threshold is reached even if
some signatures fail to verify.

Make sure higher threshold (2/2) works.

Change error type for "Call is valid only on delegator metadata" error.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-07-05 15:13:00 +03:00