def test_invalid_algorithm_checksumfile2(self):
with pytest.raises(ValueError):
IcetrustUtils.verify_checksum(os.path.join(TEST_DIR, 'file1.txt'),
'rc4',
checksumfile=os.path.join(
TEST_DIR,
'file1.txt.SHA256SUMS'))
def test_valid_checksum(self):
cmd_output = []
assert IcetrustUtils.verify_checksum(os.path.join(
TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksum_value=FILE1_HASH,
cmd_output=cmd_output) is True
assert len(cmd_output) == 0
def test_valid_checksum_verbose(self, mock_msg_callback):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksum_value=FILE1_HASH,
msg_callback=mock_msg_callback) is True
assert len(mock_msg_callback.messages) == 2
assert mock_msg_callback.messages[0] == 'Algorithm: sha256'
assert mock_msg_callback.messages[1] == 'File hash: ' + FILE1_HASH
def test_doesnt_exists_file_verbose(self, mock_msg_callback):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'foobar.txt'),
DEFAULT_HASH_ALGORITHM,
checksumfile=os.path.join(TEST_DIR, 'file1.txt.SHA256SUMS'),
msg_callback=mock_msg_callback) is False
assert len(mock_msg_callback.messages) == 1
assert mock_msg_callback.messages[
0] == "[Errno 2] No such file or directory: 'test_data/foobar.txt'"
def test_doesnt_exists_checksum_file_valid(self, mock_msg_callback):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksumfile=os.path.join(TEST_DIR, 'foobar.txt'),
msg_callback=mock_msg_callback) is False
assert len(mock_msg_callback.messages) == 3
assert mock_msg_callback.messages[0] == 'Algorithm: sha256'
assert mock_msg_callback.messages[1] == 'File hash: ' + FILE1_HASH
assert mock_msg_callback.messages[
2] == "[Errno 2] No such file or directory: 'test_data/foobar.txt'"
def test_invalid1_checksumfile_with_cmd_output(self):
cmd_output = []
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt.SHA256SUMS'),
DEFAULT_HASH_ALGORITHM,
checksumfile=os.path.join(TEST_DIR, 'file1.txt'),
cmd_output=cmd_output) is False
assert len(cmd_output) == 3
assert cmd_output[0] == 'Algorithm: sha256'
assert cmd_output[
1] == 'File checksum: ca68d23d93b2611b380a57fa076684e1f5fa76d0d6bbd6df00c9aed28347e383'
assert cmd_output[2] == 'No match found in checksum file'
def pgpchecksumfile(verbose, filename, checksumfile, signaturefile, algorithm, keyfile, keyid, keyserver):
"""Verify FILENAME via a PGP-signed CHECKSUMFILE, with a signature in SIGNATUREFILE using provided keys"""
# Check input parameters
if keyfile is None and (keyid is None or keyserver is None):
click.echo("ERROR: Either '--keyfile' or '--keyid/--keyserver' parameters must be set!")
sys.exit(2)
# Initialize PGP and import keys
gpg = IcetrustUtils.pgp_init(verbose)
import_result = IcetrustUtils.pgp_import_keys(gpg, keyfile=keyfile, keyid=keyid, keyserver=keyserver,
msg_callback=IcetrustUtils.process_verbose_flag(verbose))
if import_result is False:
_process_result(import_result)
# Verify checksums file
verification_result = IcetrustUtils.pgp_verify(gpg, checksumfile, signaturefile,
msg_callback=IcetrustUtils.process_verbose_flag(verbose))
if verification_result.status is False:
_process_result(verification_result)
# Check hash against the checksums file
checksum_valid = IcetrustUtils.verify_checksum(filename, algorithm, checksumfile=checksumfile,
msg_callback=IcetrustUtils.process_verbose_flag(verbose))
_process_result(checksum_valid)
def test_invalid_algorithm_checksum1(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
'md5',
checksum_value=FILE1_HASH) is False
def test_invalid2_checksumfile(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file2.txt'),
DEFAULT_HASH_ALGORITHM,
checksumfile=os.path.join(TEST_DIR,
'file1.txt.SHA256SUMS')) is False
def test_invalid1_checksum(self):
assert IcetrustUtils.verify_checksum(os.path.join(
TEST_DIR, 'file1.txt.SHA256SUMS'),
DEFAULT_HASH_ALGORITHM,
checksum_value='foobar') is False
def test_valid_checksum_whitespace(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksum_value=' ' + FILE1_HASH + ' ') is True
def test_doesnt_exists_checksum_file(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksumfile=os.path.join(TEST_DIR, 'foobar.txt')) is False
def canary(verbose, configfile, output_json, save_file):
"""Does a canary check against a project using information in CONFIGFILE"""
# Setup objects to be used
cmd_output = []
msg_callback = IcetrustUtils.process_verbose_flag(verbose)
# Validate the config file
config_data = IcetrustCanaryUtils.validate_config_file(configfile, msg_callback=msg_callback)
if config_data is None:
_process_result(False)
# Select the right mode
verification_mode =\
IcetrustCanaryUtils.get_verification_mode(config_data, msg_callback=msg_callback)
if verification_mode is None:
click.echo('Unknown verification mode in the config file!')
_process_result(False)
print('Using verification mode: ' + verification_mode.name)
# Extract verification data
verification_data = IcetrustCanaryUtils.extract_verification_data(config_data, verification_mode,
msg_callback=msg_callback)
# Check verification_data for warnings
if verbose:
IcetrustCanaryUtils.check_verification_data(config_data, verification_mode, verification_data,
msg_callback=msg_callback)
# Create temporary directory
temp_dir_obj = tempfile.TemporaryDirectory()
temp_dir = os.path.join(temp_dir_obj.name, '')
# Download all of the files required
IcetrustCanaryUtils.download_all_files(verification_mode, temp_dir, config_data['filename_url'],
verification_data, msg_callback=msg_callback)
# Import keys for those operations that need it
if verification_mode in [VerificationModes.PGP, VerificationModes.PGPCHECKSUMFILE]:
# Initialize PGP
gpg = IcetrustUtils.pgp_init(gpg_home_dir=temp_dir_obj.name)
# Import keys if needed
import_output = []
import_result = IcetrustCanaryUtils.import_key_material(gpg, temp_dir, verification_data,
cmd_output=import_output,
msg_callback=msg_callback)
if import_result is False:
if output_json is not None:
json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode, import_result,
import_output, os.path.join(temp_dir, FILENAME_FILE1),
msg_callback)
open(output_json, "w").write(json_data)
_process_result(import_result)
# Main operation code
verification_result = False
if verification_mode == VerificationModes.COMPARE_FILES:
verification_result = IcetrustUtils.compare_files(os.path.join(temp_dir, FILENAME_FILE1),
os.path.join(temp_dir, FILENAME_FILE2),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.CHECKSUM:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksum_value=verification_data['checksum_value'],
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.CHECKSUMFILE:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.PGP:
verification_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_FILE1),
os.path.join(temp_dir, FILENAME_SIGNATURE),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.PGPCHECKSUMFILE:
# Verify the signature of the checksum file first
signature_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_CHECKSUM),
os.path.join(temp_dir, FILENAME_SIGNATURE),
msg_callback=msg_callback, cmd_output=cmd_output)
# Then verify the checksums themselves
if signature_result:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
msg_callback=msg_callback, cmd_output=cmd_output)
else:
click.echo("ERROR: Verification mode not supported!")
sys.exit(-1)
# Compare previous version if needed
comparison_result = None
if 'previous_version' in config_data:
previous_file_path = os.path.join(os.getcwd(), config_data['previous_version'])
if os.path.exists(previous_file_path):
click.echo('\nComparing with previous version...')
comparison_result = IcetrustUtils.compare_files(config_data['previous_version'],
os.path.join(temp_dir, FILENAME_FILE1),
msg_callback=msg_callback)
if comparison_result:
click.echo('File matches previous version')
else:
click.echo('ERROR: File doesn\'t match previous version!')
# Saves the file if needed
if save_file is not None:
click.echo('\nSaving file...')
shutil.copy(os.path.join(temp_dir, FILENAME_FILE1), save_file)
# Generate JSON file if needed
if output_json is not None:
json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode,
verification_result, comparison_result,
cmd_output, os.path.join(temp_dir, FILENAME_FILE1),
msg_callback)
open(output_json, "w").write(json_data)
_process_result(verification_result)
def test_invalid_algorithm_checksum2(self):
with pytest.raises(ValueError):
IcetrustUtils.verify_checksum(os.path.join(TEST_DIR, 'file1.txt'),
'rc4',
checksum_value=FILE1_HASH)
def test_valid_checksum_and_invalid_file(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksum_value=FILE1_HASH,
checksumfile=os.path.join(TEST_DIR, 'foobar.txt')) is True
def test_invalid_algorithm_checksumfile1(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
'md5',
checksumfile=os.path.join(TEST_DIR,
'file1.txt.SHA256SUMS')) is False
def test_valid_checksum_uppercase(self):
assert IcetrustUtils.verify_checksum(
os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM,
checksum_value=FILE1_HASH.upper()) is True
def test_invalid_missing_arguments1(self):
with pytest.raises(ValueError):
IcetrustUtils.verify_checksum(os.path.join(TEST_DIR, 'file1.txt'),
DEFAULT_HASH_ALGORITHM)
def checksumfile(verbose, filename, checksumfile, algorithm):
"""Verify FILENAME against a checksum value in the CHECKSUMFILE"""
checksum_valid = IcetrustUtils.verify_checksum(filename, algorithm, checksumfile=checksumfile,
msg_callback=IcetrustUtils.process_verbose_flag(verbose))
_process_result(checksum_valid)