python-tuf/tests
Lukas Puehringer 17f08ad200 Add simple TUF role metadata model (WIP)
Add metadata module with container classes for TUF role metadata, including
methods to read/serialize/write from and to JSON, perform TUF-compliant
metadata updates, and create and verify signatures.

The 'Metadata' class provides a container for inner TUF metadata objects (Root,
Timestamp, Snapshot, Targets) (i.e. OOP composition)

The 'Signed' class provides a base class to aggregate common attributes (i.e.
version, expires, spec_version) of the inner metadata classes. (i.e. OOP
inheritance). The name of the class also aligns with the 'signed' field of
the outer metadata container.

Based on prior observations in TUF's sister project in-toto, this architecture
seems to well represent the metadata model as it is defined in the
specification (see in-toto/in-toto#98 and in-toto/in-toto#142 for related
discussions).

This commits also adds tests.

**TODO: See doc header TODO list**

**Additional design considerations**
(also in regards to prior sketches of this module)

 - Aims at simplicity, brevity and recognizability of the wireline metadata
   format.

 - All attributes that correspond to fields in TUF JSON metadata are public.
   There doesn't seem to be a good reason to protect them with leading
   underscores and use setters/getters instead, it just adds more code, and
   impedes recognizability of the wireline metadata format.

 - Although, it might be convenient to have short-cuts on the Metadata class
   that point to methods and attributes that are common to all subclasses of
   the contained Signed class (e.g. Metadata.version instead of
   Metadata.signed.version, etc.), this also conflicts with goal of
   recognizability of the wireline metadata. Thus we won't add such short-cuts
   for now. See:
   https://github.com/theupdateframework/tuf/pull/1060#discussion_r452906629

 - Signing keys and a 'consistent_snapshot' boolean are not on the targets
   metadata class. They are a better fit for management code. See:
   https://github.com/theupdateframework/tuf/pull/1060#issuecomment-660056376,
   and #660.

 - Does not use sslib schema checks (see TODO notes about validation in
   doc header)

 - Does not use existing tuf utils, such as make_metadata_fileinfo,
   build_dict_conforming_to_schema, if it is easy and more explicit to
   just re-implement the desired behavior on the metadata classes.

 - All datetime's are treated as UTC. Since timezone info is not captured in
   the wireline metadata format it should not be captured in the internal
   representation either.

 - Does not use 3rd-party dateutil package, in order to minimize dependency
   footprint, which is especially important for update clients which often have
   to vendor their dependencies.
   However, compatibility between the more advanced dateutil.relativedelta (e.g
   handles leap years automatically) and timedelta is tested.

 - Uses PEP8 indentation (4 space) and Google-style doc string instead of
   sslab-style. See
   https://github.com/secure-systems-lab/code-style-guidelines/issues/20

 - Does not support Python =< 3.5

Co-authored-by: Trishank Karthik Kuppusamy <trishank.kuppusamy@datadoghq.com>
Co-authored-by: Joshua Lock <jlock@vmware.com>
Co-authored-by: Teodora Sechkova <tsechkova@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2020-08-20 12:14:40 +02:00
..
repository_data Remove redundant test logic 2020-05-12 22:16:38 +01:00
ssl_certs Test: add https test with expired server certificate 2018-09-26 14:15:36 -04:00
.coveragerc Move omit to run section in .coveragerc 2019-07-11 14:32:49 +02:00
__init__.py Support ISO 8601, vendor iso8601, clean codebase. 2014-04-19 14:27:53 -04:00
aggregate_tests.py Install TUF in editable mode in tox builds 2019-07-11 14:32:49 +02:00
proxy_server.py fix-up tests package word spelling mistake 2019-08-30 22:31:00 +08:00
simple_https_server.py Test: add proxy certs and reorganize certs in test data dir 2018-09-21 13:13:52 -04:00
simple_server.py Remove six.PY2 and platform checks and add warning 2020-05-07 18:06:09 +03:00
slow_retrieval_server.py DOC: Clarify and correct comments on download timeouts 2018-09-10 16:30:32 -04:00
test_api.py Add simple TUF role metadata model (WIP) 2020-08-20 12:14:40 +02:00
test_arbitrary_package_attack.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_developer_tool.py Port to new securesystemslib w abstract filesystem 2020-05-12 22:16:50 +01:00
test_download.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_endless_data_attack.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_exceptions.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_extraneous_dependencies_attack.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_formats.py Remove deprecated securesystemslib.formats schemas 2019-09-17 10:28:10 +01:00
test_indefinite_freeze_attack.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_init.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_key_revocation_integration.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_keydb.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_log.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_mirrors.py Minor cosmetic change to URL creation 2018-04-20 10:57:30 -04:00
test_mix_and_match_attack.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_multiple_repositories_integration.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_proxy_use.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_replay_attack.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00
test_repository_lib.py Support abstract storage for timestamp metadata 2020-06-03 14:16:47 +01:00
test_repository_tool.py Update test_load_repository 2020-06-09 16:48:53 +03:00
test_roledb.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_root_versioning_integration.py Port to new securesystemslib w abstract filesystem 2020-05-12 22:16:50 +01:00
test_sig.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_slow_retrieval_attack.py Remove unused imports 2020-06-04 19:18:33 -05:00
test_tutorial.py Update TUTORIAL and test_tutorial 2020-04-08 18:58:27 +03:00
test_unittest_toolbox.py Use __name__ for loggers, per convention 2020-03-03 10:36:39 +00:00
test_updater.py Port to new securesystemslib w abstract filesystem 2020-05-12 22:16:50 +01:00
test_updater_root_rotation_integration.py Remove PIPE arg and make QuiteHandler the default 2020-05-07 15:53:01 +03:00