Exemple #1
0
    def test_get_encryption_key__to_short__error(self):

        key = 'abc123'
        self.root_dir.join('.szczypiorek_encryption_key').write(
            base64.b64encode(
                json.dumps({
                    'key': key,
                    'hash': 'hash',
                }).encode('utf8')),
            mode='wb')

        with pytest.raises(EncryptionKeyTooShortError) as e:
            get_encryption_key()

        assert e.value.args[0] == normalize("""
            So it seems that the key used for encryption hidden in
            the '.szczypiorek_encryption_key' file is too short.

            Which means that because of some reason you've decided to mess
            around with the built-in generator of the secured key.

            Try to get access to the not broken version of the
            '.szczypiorek_encryption_key' file or if you have access to the not
            encrypted version you environment files simply remove the broken
            file and run 'decrypt' phase one more time.
        """)
    def test_load_yaml__is_not_valid(self):

        with pytest.raises(BrokenYamlError) as e:
            assert load_yaml(n('''
                a: {{what}
            ''')) is True

        assert e.value.args[0] == normalize("""
            It seems that you're yaml file is broken.

            Run in through some online validators to find the reason behind it.
        """)
    def test_substitute__missing_key__error(self):

        with pytest.raises(MissingSubstitutionKeyError) as e:
            substitute({
                'hi': '{{ a.b }} what',
                'c_d_ex': 'sanatorium',
            })

        assert e.value.args[0] == normalize("""
            Your template variable is referring non-existent value under
            the 'a.b' key.
        """)
Exemple #4
0
    def test_decrypt__key_changed__error(self):

        self.mocker.patch(
            'szczypiorek.crypto.get_encryption_key').return_value = ('secret',
                                                                     'hash0')

        with pytest.raises(DecryptionError) as e:
            decrypt(write_encrypted('what is it', 'hash1'))

        assert e.value.args[0] == normalize("""
            It seems that different key was used for encryption and decryption.
        """)
Exemple #5
0
    def test_get_encryption_key__file_does_not_exist__error(self):

        with pytest.raises(EncryptionKeyFileMissingError) as e:
            get_encryption_key()

        assert e.value.args[0] == normalize("""
            Couldn't find the '.szczypiorek_encryption_key' file. It is required
            for the correct functioning of the encryption and decryption
            phases.

            If you see this message while performing 'decrypt' then
            simply request the file from fellow code contributor.
            In the 'encrypt' scenario the file is created automatically.
        """)  # noqa
Exemple #6
0
    def test_decrypt__broken_gpg__error(self):

        self.mocker.patch(
            'szczypiorek.crypto.get_encryption_key').return_value = ('secret',
                                                                     'hash')

        with pytest.raises(DecryptionError) as e:
            decrypt(write_encrypted('what is it', 'hash'))

        assert e.value.args[0] == normalize("""
            Something went wrong while attempting to decrypt. The big chance
            is that you've used broken encryption key.

            Therefore if you see this message it means that you're trying to
            do something bad. Stop doing that.
        """)
Exemple #7
0
    def test_assert_is_git_ignored__is_not_ignored(self):

        bash('git init')
        self.root_dir.join('.gitignore').write('')
        f = self.root_dir.join('file.txt')
        f.write('whatever')

        with pytest.raises(FileNotIgnoredError) as e:
            assert_is_git_ignored('file.txt')

        assert e.value.args[0] == normalize("""
            Well it seems that the 'file.txt' is not git ignored. Since it
            appears in the context there's a big chance that it contains some
            sensitive data.

            Please add it to the '.gitignore' and stop tracking it.
        """)
Exemple #8
0
    def test_get_encryption_key__env_var__not_base64__error(self):

        os.environ['SZCZYPIOREK_ENCRYPTION_KEY'] = json.dumps({'key': 'key'})

        with pytest.raises(EncryptionKeyBrokenBase64Error) as e:
            get_encryption_key()

        assert e.value.args[0] == normalize("""
            The content of the 'SZCZYPIOREK_ENCRYPTION_KEY' environment variable was automatically
            encoded with base64 so that noone tries to mess around with it.
            So if you see this message that means that someone tried just that.

            Try to get access to the not broken version of the
            'SZCZYPIOREK_ENCRYPTION_KEY' environment variable or if you have access to the not
            encrypted version you environment files simply remove the broken
            file and run 'decrypt' phase one more time.
        """)  # noqa
Exemple #9
0
    def test_get_encryption_key__not_json__error(self):

        self.root_dir.join('.szczypiorek_encryption_key').write(
            base64.b64encode(b'"key": "whatever"'), mode='wb')

        with pytest.raises(EncryptionKeyBrokenJsonError) as e:
            get_encryption_key()

        assert e.value.args[0] == normalize("""
            The content of the '.szczypiorek_encryption_key' file must be a valid
            json file encoded with base64. It takes the following shape:

            {
                "key": <automatically generated secret>,
                "hash": <automatically generated secret's hash>,
                "created_datetime": <iso datetime of the key creation>
            }
        """)  # noqa
Exemple #10
0
    def test_decrypt__wrong_passphrase__error(self):

        self.mocker.patch(
            'szczypiorek.crypto.get_encryption_key').side_effect = [
                ('secret.0', 'hash'), ('secret.1', 'hash')
            ]

        encrypted = encrypt('what is it')

        with pytest.raises(DecryptionError) as e:
            decrypt(encrypted)

        assert e.value.args[0] == normalize("""
            Something went wrong while attempting to decrypt. The big chance
            is that you've used broken encryption key.

            Therefore if you see this message it means that you're trying to
            do something bad. Stop doing that.
        """)
Exemple #11
0
    def test_get_encryption_key__file_not_gitignored__error(self):

        key = 'd8s9s8c9s8s9ds8d98sd9s89cs8c9s8d'
        self.root_dir.join('.szczypiorek_encryption_key').write(
            base64.b64encode(
                json.dumps({
                    'key': key,
                    'hash': 'hash',
                }).encode('utf8')),
            mode='wb')

        self.mocker.patch(
            'szczypiorek.crypto.assert_is_git_repository').return_value = True
        self.mocker.patch('szczypiorek.crypto.assert_is_git_ignored'
                          ).side_effect = FileNotIgnoredError('not ignored')

        with pytest.raises(FileNotIgnoredError) as e:
            get_encryption_key()

        assert e.value.args[0] == normalize('not ignored')
Exemple #12
0
    def test_get_encryption_key__file__not_base64__error(self):

        self.root_dir.join('.szczypiorek_encryption_key').write(json.dumps({
            'key':
            'key'
        }).encode('utf8'),
                                                                mode='wb')

        with pytest.raises(EncryptionKeyBrokenBase64Error) as e:
            get_encryption_key()

        assert e.value.args[0] == normalize("""
            The content of the '.szczypiorek_encryption_key' file was automatically
            encoded with base64 so that noone tries to mess around with it.
            So if you see this message that means that someone tried just that.

            Try to get access to the not broken version of the
            '.szczypiorek_encryption_key' file or if you have access to the not
            encrypted version you environment files simply remove the broken
            file and run 'decrypt' phase one more time.
        """)  # noqa