def test_valid_verbose(self, mock_msg_callback):
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'compare.json')),
'r'))
assert IcetrustCanaryUtils.extract_verification_data(
config,
VerificationModes.COMPARE_FILES,
msg_callback=mock_msg_callback) is not None
assert len(mock_msg_callback.messages) == 1
assert mock_msg_callback.messages[0] ==\
"Verification data: {'file2_url': 'https://files.pythonhosted.org/packages/c8/6f/730a38dc98dd4a9dad644515700c29050c4672594def4d7f6f2f1bda28ae/truegaze-0.1.7-py3-none-any.whl'}"
def test_valid_verbose(self, mock_msg_callback):
verification_data = dict()
verification_data['algorithm'] = 'sha1'
assert IcetrustCanaryUtils.get_algorithm(
verification_data, msg_callback=mock_msg_callback) == 'sha1'
assert len(mock_msg_callback.messages) == 1
assert mock_msg_callback.messages[0] == "Using algorithm: sha1"
def test_valid(self, tmp_path):
config_data = dict()
config_data['name'] = 'foobar1'
config_data['url'] = 'https://www.example.com'
config_data['filename_url'] = 'https://www.example.com/file.sh'
verification_mode = VerificationModes.PGPCHECKSUMFILE
verified_result = False
comparison_result = False
cmd_output = ['foobar2', 'foobar3']
json_raw = IcetrustCanaryUtils.generate_json(
config_data, verification_mode, verified_result, comparison_result,
cmd_output, os.path.join(TEST_DIR, 'file1.txt'))
json_parsed = json.loads(json_raw)
schema_data = json.load(open(CANARY_OUTPUT_SCHEMA, 'r'))
jsonschema.validators.validate(
instance=json_parsed,
schema=schema_data,
format_checker=jsonschema.draft7_format_checker)
assert (json_parsed['name']) == config_data['name']
assert (json_parsed['url']) == config_data['url']
assert (json_parsed['filename_url']) == config_data['filename_url']
assert (json_parsed['verification_mode']
) == VerificationModes.PGPCHECKSUMFILE.value
assert (json_parsed['verified']) == verified_result
assert (json_parsed['previous_version_matched']) == comparison_result
assert (json_parsed['output']) == ', '.join(cmd_output)
def test_invalid_verbose(self, mock_msg_callback):
config = dict()
assert IcetrustCanaryUtils.extract_verification_data(
config,
VerificationModes.COMPARE_FILES,
msg_callback=mock_msg_callback) is None
assert len(mock_msg_callback.messages) == 0
def test_valid_verbose(self, mock_msg_callback):
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'compare.json')),
'r'),
msg_callback=mock_msg_callback) is not None
assert len(mock_msg_callback.messages) == 0
def test_invalid_verbose(self, mock_msg_callback):
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_output', 'compare.json')),
'r'),
msg_callback=mock_msg_callback) is None
assert len(mock_msg_callback.messages) == 2
assert mock_msg_callback.messages[
0] == "Config file is not properly formatted!"
assert mock_msg_callback.messages[
1] == "'compare_files' is a required property"
def test_valid(self):
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'compare.json')),
'r')) is not None
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'checksum.json')),
'r')) is not None
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input',
'checksumfile.json')),
'r')) is not None
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'pgp_keyfile.json')),
'r')) is not None
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'pgp_keyid.json')),
'r')) is not None
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(
TEST_DIR,
os.path.join('canary_input',
'pgpchecksumfile_keyfile.json')),
'r')) is not None
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(
TEST_DIR,
os.path.join('canary_input',
'pgpchecksumfile_keyid.json')),
'r')) is not None
def test_invalid(self):
assert IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_output', 'compare.json')),
'r')) is None
def test_valid_default_verbose(self, mock_msg_callback):
verification_data = dict()
assert IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=mock_msg_callback)\
== DEFAULT_HASH_ALGORITHM
assert len(mock_msg_callback.messages) == 1
assert mock_msg_callback.messages[0] == "Using algorithm: sha256"
def test_valid_default(self):
verification_data = dict()
assert IcetrustCanaryUtils.get_algorithm(
verification_data) == DEFAULT_HASH_ALGORITHM
def test_valid(self):
verification_data = dict()
verification_data['algorithm'] = 'sha1'
assert IcetrustCanaryUtils.get_algorithm(verification_data) == 'sha1'
def test_invalid(self):
config = dict()
assert IcetrustCanaryUtils.get_verification_mode(config) is None
def test_valid(self):
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'compare.json')),
'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.COMPARE_FILES
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'checksum.json')),
'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.CHECKSUM
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input',
'checksumfile.json')), 'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.CHECKSUMFILE
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'pgp_keyfile.json')),
'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.PGP
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'pgp_keyid.json')),
'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.PGP
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(
TEST_DIR,
os.path.join('canary_input',
'pgpchecksumfile_keyfile.json')), 'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.PGPCHECKSUMFILE
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(
TEST_DIR,
os.path.join('canary_input',
'pgpchecksumfile_keyid.json')), 'r'))
assert IcetrustCanaryUtils.get_verification_mode(
config) == VerificationModes.PGPCHECKSUMFILE
def test_invalid(self):
config = dict()
assert IcetrustCanaryUtils.extract_verification_data(
config, VerificationModes.COMPARE_FILES) is None
def test_valid(self):
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'compare.json')),
'r'))
assert IcetrustCanaryUtils.extract_verification_data(
config, VerificationModes.COMPARE_FILES) is not None
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'checksum.json')),
'r'))
assert IcetrustCanaryUtils.extract_verification_data(
config, VerificationModes.CHECKSUM) is not None
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input',
'checksumfile.json')), 'r'))
assert IcetrustCanaryUtils.extract_verification_data(config, VerificationModes.CHECKSUMFILE)\
is not None
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'pgp_keyfile.json')),
'r'))
assert IcetrustCanaryUtils.extract_verification_data(
config, VerificationModes.PGP) is not None
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(TEST_DIR,
os.path.join('canary_input', 'pgp_keyid.json')),
'r'))
assert IcetrustCanaryUtils.extract_verification_data(
config, VerificationModes.PGP) is not None
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(
TEST_DIR,
os.path.join('canary_input',
'pgpchecksumfile_keyfile.json')), 'r'))
assert IcetrustCanaryUtils.extract_verification_data(config, VerificationModes.PGPCHECKSUMFILE)\
is not None
config = IcetrustCanaryUtils.validate_config_file(
open(
os.path.join(
TEST_DIR,
os.path.join('canary_input',
'pgpchecksumfile_keyid.json')), 'r'))
assert IcetrustCanaryUtils.extract_verification_data(config, VerificationModes.PGPCHECKSUMFILE)\
is not None
def canary(verbose, configfile, output_json, save_file):
"""Does a canary check against a project using information in CONFIGFILE"""
# Setup objects to be used
cmd_output = []
msg_callback = IcetrustUtils.process_verbose_flag(verbose)
# Validate the config file
config_data = IcetrustCanaryUtils.validate_config_file(configfile, msg_callback=msg_callback)
if config_data is None:
_process_result(False)
# Select the right mode
verification_mode =\
IcetrustCanaryUtils.get_verification_mode(config_data, msg_callback=msg_callback)
if verification_mode is None:
click.echo('Unknown verification mode in the config file!')
_process_result(False)
print('Using verification mode: ' + verification_mode.name)
# Extract verification data
verification_data = IcetrustCanaryUtils.extract_verification_data(config_data, verification_mode,
msg_callback=msg_callback)
# Check verification_data for warnings
if verbose:
IcetrustCanaryUtils.check_verification_data(config_data, verification_mode, verification_data,
msg_callback=msg_callback)
# Create temporary directory
temp_dir_obj = tempfile.TemporaryDirectory()
temp_dir = os.path.join(temp_dir_obj.name, '')
# Download all of the files required
IcetrustCanaryUtils.download_all_files(verification_mode, temp_dir, config_data['filename_url'],
verification_data, msg_callback=msg_callback)
# Import keys for those operations that need it
if verification_mode in [VerificationModes.PGP, VerificationModes.PGPCHECKSUMFILE]:
# Initialize PGP
gpg = IcetrustUtils.pgp_init(gpg_home_dir=temp_dir_obj.name)
# Import keys if needed
import_output = []
import_result = IcetrustCanaryUtils.import_key_material(gpg, temp_dir, verification_data,
cmd_output=import_output,
msg_callback=msg_callback)
if import_result is False:
if output_json is not None:
json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode, import_result,
import_output, os.path.join(temp_dir, FILENAME_FILE1),
msg_callback)
open(output_json, "w").write(json_data)
_process_result(import_result)
# Main operation code
verification_result = False
if verification_mode == VerificationModes.COMPARE_FILES:
verification_result = IcetrustUtils.compare_files(os.path.join(temp_dir, FILENAME_FILE1),
os.path.join(temp_dir, FILENAME_FILE2),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.CHECKSUM:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksum_value=verification_data['checksum_value'],
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.CHECKSUMFILE:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.PGP:
verification_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_FILE1),
os.path.join(temp_dir, FILENAME_SIGNATURE),
msg_callback=msg_callback, cmd_output=cmd_output)
elif verification_mode == VerificationModes.PGPCHECKSUMFILE:
# Verify the signature of the checksum file first
signature_result = IcetrustUtils.pgp_verify(gpg, os.path.join(temp_dir, FILENAME_CHECKSUM),
os.path.join(temp_dir, FILENAME_SIGNATURE),
msg_callback=msg_callback, cmd_output=cmd_output)
# Then verify the checksums themselves
if signature_result:
algorithm = IcetrustCanaryUtils.get_algorithm(verification_data, msg_callback=msg_callback)
verification_result = IcetrustUtils.verify_checksum(os.path.join(temp_dir, FILENAME_FILE1), algorithm,
checksumfile=os.path.join(temp_dir, FILENAME_CHECKSUM),
msg_callback=msg_callback, cmd_output=cmd_output)
else:
click.echo("ERROR: Verification mode not supported!")
sys.exit(-1)
# Compare previous version if needed
comparison_result = None
if 'previous_version' in config_data:
previous_file_path = os.path.join(os.getcwd(), config_data['previous_version'])
if os.path.exists(previous_file_path):
click.echo('\nComparing with previous version...')
comparison_result = IcetrustUtils.compare_files(config_data['previous_version'],
os.path.join(temp_dir, FILENAME_FILE1),
msg_callback=msg_callback)
if comparison_result:
click.echo('File matches previous version')
else:
click.echo('ERROR: File doesn\'t match previous version!')
# Saves the file if needed
if save_file is not None:
click.echo('\nSaving file...')
shutil.copy(os.path.join(temp_dir, FILENAME_FILE1), save_file)
# Generate JSON file if needed
if output_json is not None:
json_data = IcetrustCanaryUtils.generate_json(config_data, verification_mode,
verification_result, comparison_result,
cmd_output, os.path.join(temp_dir, FILENAME_FILE1),
msg_callback)
open(output_json, "w").write(json_data)
_process_result(verification_result)