Commit graph

223 commits

Author SHA1 Message Date
zhengyuyu
dcae72c19d delete signal import 2013-08-28 05:53:00 -04:00
zhengyuyu
6638089b99 Fix the slow retrieval attack issue
download.py: Add a timeout and rewrite the _fileobject.read()

test_slow_retrieval_attack.py: Add a new kind of slow retrieval attack

slow_retrieval_server.py: Modification for new kind of slow retrieval attack
2013-08-28 05:43:47 -04:00
dachshund
8edf2fc3f5 Removed an unsafe edge case, but updater unit tests need to be fixed.
Specifically, we do not intentionally set any file metadata to be None
and then download the file unsafely.

Some of the tuf.client.updater unit tests fail because it was previously
possible to unsafely download metadata for any role. We need to fix
this.
2013-08-06 14:31:21 -04:00
dachshund
3c18b58b71 Adapt Zheng Yuyu's changes. 2013-08-06 13:40:24 -04:00
zhengyuyu
0c83799c85 Fix the endless data attack issue
modification of updater.py for download.py

modification of conf.py for fix

modification of test_download.py for download.py

modification of test_updater.py for download.py

add a new test of endless data attack to metadata timestamp.txt

more readable and fix the endless data attack issue.
2013-08-02 16:32:55 -04:00
dachshund
6c2251c0bd Merge code from @zhengyuyu which makes a function more readable.
His code splits tuf.download.download_url_to_tempfileobj into two major
pieces. The first piece opens a connection to a URL, and computes
the required and reported lengths for downloading data from that given
URL. The second piece downloads data from the given URL in such a way
that we can defend against endless data and slow retrieval attacks.
2013-07-22 14:23:29 -04:00
zhengyuyu
20551a7989 Splits the real download procedure from the download_url_to_tempfileobj and puts it into a new function. This makes the download_url_to_tempfileobj clearer and more modular. 2013-07-22 00:20:12 -04:00
dachshund
a559727398 Fast test for breach of delegation. 2013-07-08 09:11:25 +08:00
dachshund
471df8287b Merge branch 'master' of github.com:theupdateframework/tuf 2013-07-06 21:21:59 +08:00
dachshund
0074aebfc7 Comment about Unicode filenames; #61. 2013-07-06 21:21:33 +08:00
dachshund
f22a80808f Comment about Unicode filenames. 2013-07-06 21:19:32 +08:00
dachshund
a106c2ebf0 Comment about Unicode filenames. 2013-07-06 21:17:53 +08:00
dachshund
a3d924c9a1 Abstraction for walking over files in a directory. 2013-07-06 01:33:15 +08:00
dachshund
4910e7a065 Test conservation of delegated targets. 2013-07-03 00:33:26 +08:00
dachshund
6582cce39a Merge branch 'master' into ordered-delegations 2013-07-02 22:22:45 +08:00
dachshund
db8481f989 Test that delegation of targets works in order of appearance of roles. 2013-07-02 22:19:20 +08:00
dachshund
0b8337c01f Conditionally deconfigure TUF interposition for system tests. 2013-07-02 20:26:01 +08:00
dachshund
57bd1df14e Test that delegated targets roles cannot breach delegated paths. 2013-07-01 16:07:43 +08:00
dachshund
f90873572a Deconfigure interposition on test repository cleanup. 2013-07-01 16:07:15 +08:00
dachshund
e76454b4ed Allow deconfiguration of interposition. 2013-07-01 15:59:15 +08:00
dachshund
e74689345e Test that initial update works with target delegations. 2013-07-01 12:44:20 +08:00
dachshund
b40191ba1f Restructuring of delegations integration test. 2013-06-30 12:19:44 +08:00
Trishank Karthik Kuppusamy
a6eb575fea Merge pull request #69 from johnward2/master
Fix several naming and scope errors.
2013-06-25 23:05:03 -07:00
johnward2
a0179a5109 Fix several naming and scope errors.
- "quickstart.py:292: No global (EEXIST) found"
- "basic_client.py:194: No global (option_parser) found"
- "rsa_key.py:108: No global (EnvelopeError) found"
- "rsa_key.py:108: No global (KeygenError) found"
- "util.py:56: No global (temp_dir) found"
2013-06-25 18:44:34 -04:00
dachshund
c138b67828 Ensure that we explore only delegated roles trusted with the desired target. 2013-06-24 18:35:17 +08:00
dachshund
cb1f552703 Neutral refactoring of schema. 2013-06-24 18:09:36 +08:00
dachshund
aa11987b11 First cut at adapting Konstantin's delegations test. 2013-06-24 09:50:58 +08:00
dachshund
42e9dffd24 Patch mock signercli.make_delegation prompts. 2013-06-23 13:08:26 +08:00
dachshund
47abec8cde Find target in order of trust. 2013-06-23 10:36:21 +08:00
dachshund
688b0e21ca WIP on adjusting tuf.client.updater to use list of roles. 2013-06-22 16:23:52 +08:00
dachshund
e00a3549ce Adjust tests.test_signercli to use list of roles. 2013-06-21 12:32:51 +08:00
dachshund
1edd6b611e Ensure uniqueness of names in making delegations. 2013-06-21 00:54:29 +08:00
dachshund
a8380e4768 Export tuf.tests; mock recursive walk in signercli.py. 2013-06-20 21:32:49 +08:00
dachshund
4ab7d12998 Update tuf.formats.TARGET_SCHEMA and adjust tests.test_formats.py. 2013-06-20 20:43:24 +08:00
dachshund
03348f2dbb Introduce name property for tuf.formats.ROLE_SCHEMA. 2013-06-20 19:56:34 +08:00
dachshund
99ae000645 Clarify priority tags. 2013-06-19 01:35:35 +08:00
dachshund
c504d4929d Minor code motion. 2013-06-19 00:53:01 +08:00
dachshund
883b001f12 Correct computation of relative target paths. 2013-06-17 07:21:23 +08:00
dachshund
a13c3dbf02 WIP on recursively walking a targets directory. 2013-06-10 15:16:49 -04:00
dachshund
260176517e Update spec to discuss priority tags. 2013-05-21 08:23:16 -04:00
Kon
f7ebbffd0b Added test_pushtoolslib.py and test_push.py. 2013-04-28 23:18:41 -04:00
Kon
09fa5a0f82 Modified pushtoolslib.py and util_test_tools.py. 2013-04-28 23:16:36 -04:00
Kon
d921949c09 Merge branch 'master' of github.com:akonst/tuf 2013-04-22 05:59:03 -04:00
dachshund
cab37422b3 Merge remote-tracking branch 'origin/master' 2013-04-15 21:40:45 -04:00
dachshund
1367deda09 Kludges to work around #61. 2013-04-15 21:40:09 -04:00
Kon
8ba1beb6c8 Cleaned-up test_mix_and_match_attack.py. 2013-04-13 16:05:49 -04:00
Kon
420c1abd04 Fix for metadata mix-and-match vulnerability. 2013-04-13 15:49:38 -04:00
Kon
ce28c455aa Fixed a minor bug: 'message' variable changed prompt-message whenever an exception was caught; it manifested in the subsequent iterations. 2013-04-13 14:58:13 -04:00
Kon
f46b1f71ea Added mix-and-match attack test and statement_coverage (based on coverage.py). 2013-04-13 12:56:10 -04:00
dachshund
753f318990 Deduplicate imports of delegations. 2013-04-12 16:41:14 -04:00