def test_valid_verbose(self, mock_msg_callback): config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'compare.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.COMPARE_FILES, msg_callback=mock_msg_callback) is not None assert len(mock_msg_callback.messages) == 1 assert mock_msg_callback.messages[0] ==\ "Verification data: {'file2_url': 'https://files.pythonhosted.org/packages/c8/6f/730a38dc98dd4a9dad644515700c29050c4672594def4d7f6f2f1bda28ae/truegaze-0.1.7-py3-none-any.whl'}"
def test_valid_verbose(self, mock_msg_callback): verification_data = dict() verification_data['algorithm'] = 'sha1' assert IcetrustCanaryUtils.get_algorithm( verification_data, msg_callback=mock_msg_callback) == 'sha1' assert len(mock_msg_callback.messages) == 1 assert mock_msg_callback.messages[0] == "Using algorithm: sha1"
def test_valid(self, tmp_path): config_data = dict() config_data['name'] = 'foobar1' config_data['url'] = 'https://www.example.com' config_data['filename_url'] = 'https://www.example.com/file.sh' verification_mode = VerificationModes.PGPCHECKSUMFILE verified_result = False comparison_result = False cmd_output = ['foobar2', 'foobar3'] json_raw = IcetrustCanaryUtils.generate_json( config_data, verification_mode, verified_result, comparison_result, cmd_output, os.path.join(TEST_DIR, 'file1.txt')) json_parsed = json.loads(json_raw) schema_data = json.load(open(CANARY_OUTPUT_SCHEMA, 'r')) jsonschema.validators.validate( instance=json_parsed, schema=schema_data, format_checker=jsonschema.draft7_format_checker) assert (json_parsed['name']) == config_data['name'] assert (json_parsed['url']) == config_data['url'] assert (json_parsed['filename_url']) == config_data['filename_url'] assert (json_parsed['verification_mode'] ) == VerificationModes.PGPCHECKSUMFILE.value assert (json_parsed['verified']) == verified_result assert (json_parsed['previous_version_matched']) == comparison_result assert (json_parsed['output']) == ', '.join(cmd_output)
def test_invalid_verbose(self, mock_msg_callback): config = dict() assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.COMPARE_FILES, msg_callback=mock_msg_callback) is None assert len(mock_msg_callback.messages) == 0
def test_valid_verbose(self, mock_msg_callback): assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'compare.json')), 'r'), msg_callback=mock_msg_callback) is not None assert len(mock_msg_callback.messages) == 0
def test_invalid_verbose(self, mock_msg_callback): assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_output', 'compare.json')), 'r'), msg_callback=mock_msg_callback) is None assert len(mock_msg_callback.messages) == 2 assert mock_msg_callback.messages[ 0] == "Config file is not properly formatted!" assert mock_msg_callback.messages[ 1] == "'compare_files' is a required property"
def test_valid(self): assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'compare.json')), 'r')) is not None assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'checksum.json')), 'r')) is not None assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'checksumfile.json')), 'r')) is not None assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'pgp_keyfile.json')), 'r')) is not None assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'pgp_keyid.json')), 'r')) is not None assert IcetrustCanaryUtils.validate_config_file( open( os.path.join( TEST_DIR, os.path.join('canary_input', 'pgpchecksumfile_keyfile.json')), 'r')) is not None assert IcetrustCanaryUtils.validate_config_file( open( os.path.join( TEST_DIR, os.path.join('canary_input', 'pgpchecksumfile_keyid.json')), 'r')) is not None
def test_invalid(self): assert IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_output', 'compare.json')), 'r')) is None
def test_valid_default_verbose(self, mock_msg_callback): verification_data = dict() assert IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=mock_msg_callback)\ == DEFAULT_HASH_ALGORITHM assert len(mock_msg_callback.messages) == 1 assert mock_msg_callback.messages[0] == "Using algorithm: sha256"
def test_valid_default(self): verification_data = dict() assert IcetrustCanaryUtils.get_algorithm( verification_data) == DEFAULT_HASH_ALGORITHM
def test_valid(self): verification_data = dict() verification_data['algorithm'] = 'sha1' assert IcetrustCanaryUtils.get_algorithm(verification_data) == 'sha1'
def test_invalid(self): config = dict() assert IcetrustCanaryUtils.get_verification_mode(config) is None
def test_valid(self): config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'compare.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.COMPARE_FILES config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'checksum.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.CHECKSUM config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'checksumfile.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.CHECKSUMFILE config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'pgp_keyfile.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.PGP config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'pgp_keyid.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.PGP config = IcetrustCanaryUtils.validate_config_file( open( os.path.join( TEST_DIR, os.path.join('canary_input', 'pgpchecksumfile_keyfile.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.PGPCHECKSUMFILE config = IcetrustCanaryUtils.validate_config_file( open( os.path.join( TEST_DIR, os.path.join('canary_input', 'pgpchecksumfile_keyid.json')), 'r')) assert IcetrustCanaryUtils.get_verification_mode( config) == VerificationModes.PGPCHECKSUMFILE
def test_invalid(self): config = dict() assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.COMPARE_FILES) is None
def test_valid(self): config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'compare.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.COMPARE_FILES) is not None config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'checksum.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.CHECKSUM) is not None config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'checksumfile.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data(config, VerificationModes.CHECKSUMFILE)\ is not None config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'pgp_keyfile.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.PGP) is not None config = IcetrustCanaryUtils.validate_config_file( open( os.path.join(TEST_DIR, os.path.join('canary_input', 'pgp_keyid.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data( config, VerificationModes.PGP) is not None config = IcetrustCanaryUtils.validate_config_file( open( os.path.join( TEST_DIR, os.path.join('canary_input', 'pgpchecksumfile_keyfile.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data(config, VerificationModes.PGPCHECKSUMFILE)\ is not None config = IcetrustCanaryUtils.validate_config_file( open( os.path.join( TEST_DIR, os.path.join('canary_input', 'pgpchecksumfile_keyid.json')), 'r')) assert IcetrustCanaryUtils.extract_verification_data(config, VerificationModes.PGPCHECKSUMFILE)\ is not None
def canary(verbose, configfile, output_json, save_file): """Does a canary check against a project using information in CONFIGFILE""" # Setup objects to be used cmd_output = [] msg_callback = IcetrustUtils.process_verbose_flag(verbose) # Validate the config file config_data = IcetrustCanaryUtils.validate_config_file(configfile, msg_callback=msg_callback) if config_data is None: _process_result(False) # Select the right mode verification_mode =\ IcetrustCanaryUtils.get_verification_mode(config_data, msg_callback=msg_callback) if verification_mode is None: click.echo('Unknown verification mode in the config file!') _process_result(False) print('Using verification mode: ' + verification_mode.name) # Extract verification data verification_data = IcetrustCanaryUtils.extract_verification_data(config_data, verification_mode, msg_callback=msg_callback) # Check verification_data for warnings if verbose: IcetrustCanaryUtils.check_verification_data(config_data, verification_mode, verification_data, msg_callback=msg_callback) # Create temporary directory temp_dir_obj = tempfile.TemporaryDirectory() temp_dir = os.path.join(temp_dir_obj.name, '') # Download all of the files required IcetrustCanaryUtils.download_all_files(verification_mode, temp_dir, config_data['filename_url'], verification_data, msg_callback=msg_callback) # Import keys for those operations that need it if verification_mode in [VerificationModes.PGP, VerificationModes.PGPCHECKSUMFILE]: # Initialize PGP gpg = IcetrustUtils.pgp_init(gpg_home_dir=temp_dir_obj.name) # Import keys if needed import_output = [] import_result = IcetrustCanaryUtils.import_key_material(gpg, temp_dir, verification_data, cmd_output=import_output, msg_callback=msg_callback) if import_result is False: if output_json is not None: json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode, import_result, import_output, os.path.join(temp_dir, FILENAME_FILE1), msg_callback) open(output_json, "w").write(json_data) _process_result(import_result) # Main operation code verification_result = False if verification_mode == VerificationModes.COMPARE_FILES: verification_result = IcetrustUtils.compare_files(os.path.join(temp_dir, FILENAME_FILE1), os.path.join(temp_dir, FILENAME_FILE2), msg_callback=msg_callback, cmd_output=cmd_output) elif verification_mode == VerificationModes.CHECKSUM: algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback) verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm, checksum_value=verification_data['checksum_value'], msg_callback=msg_callback, cmd_output=cmd_output) elif verification_mode == VerificationModes.CHECKSUMFILE: algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback) verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm, checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM), msg_callback=msg_callback, cmd_output=cmd_output) elif verification_mode == VerificationModes.PGP: verification_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_FILE1), os.path.join(temp_dir, FILENAME_SIGNATURE), msg_callback=msg_callback, cmd_output=cmd_output) elif verification_mode == VerificationModes.PGPCHECKSUMFILE: # Verify the signature of the checksum file first signature_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_CHECKSUM), os.path.join(temp_dir, FILENAME_SIGNATURE), msg_callback=msg_callback, cmd_output=cmd_output) # Then verify the checksums themselves if signature_result: algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback) verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm, checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM), msg_callback=msg_callback, cmd_output=cmd_output) else: click.echo("ERROR: Verification mode not supported!") sys.exit(-1) # Compare previous version if needed comparison_result = None if 'previous_version' in config_data: previous_file_path = os.path.join(os.getcwd(), config_data['previous_version']) if os.path.exists(previous_file_path): click.echo('\nComparing with previous version...') comparison_result = IcetrustUtils.compare_files(config_data['previous_version'], os.path.join(temp_dir, FILENAME_FILE1), msg_callback=msg_callback) if comparison_result: click.echo('File matches previous version') else: click.echo('ERROR: File doesn\'t match previous version!') # Saves the file if needed if save_file is not None: click.echo('\nSaving file...') shutil.copy(os.path.join(temp_dir, FILENAME_FILE1), save_file) # Generate JSON file if needed if output_json is not None: json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode, verification_result, comparison_result, cmd_output, os.path.join(temp_dir, FILENAME_FILE1), msg_callback) open(output_json, "w").write(json_data) _process_result(verification_result)