def test_db_pkg_compare(self):
"""
Test the pkg metadata diff function specifically.
:return:
"""
int_m = int("010755", 8)
p1 = ImagePackageManifestEntry()
p1.file_path = "/test1"
p1.is_config_file = False
p1.size = 1000
p1.mode = int_m
p1.digest = "abc"
p1.digest_algorithm = "sha256"
fs_entry = {
"is_packaged": True,
"name": "/test1",
"suid": None,
"entry_type": "file",
"linkdst_fullpath": None,
"mode": int_m,
"othernames": [],
"sha256_checksum": "abc",
"md5_checksum": "def",
"sha1_checksum": "abcdef",
"size": 1000,
}
# Result == False
# Basic equal eval
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest = None
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest = "abc"
# Is config file, skip comparison since expected to change
p1.is_config_file = True
p1.digest = "blah123"
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.is_config_file = False
p1.digest = "abc"
# sha1 diffs
p1.digest_algorithm = "sha1"
p1.digest = "abcdef"
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest_algorithm = "sha256"
p1.digest = "abc"
# Cannot compare due to missing digest types
p1.digest_algorithm = "sha1"
f = fs_entry.pop("sha1_checksum")
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest_algorithm = "sha256"
fs_entry["sha1_checksum"] = f
# Result == Changed
# Mode diffs
p1.mode = int_m + 1
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
p1.mode = int_m
# Size diffs
p1.size = 1001
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
p1.size = 1000
# Sha256 diffs
p1.digest = "abd"
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
# md5 diffs
p1.digest_algorithm = "md5"
p1.digest = "blah"
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
# sha1 diffs
p1.digest_algorithm = "sha1"
p1.digest = "blah"
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
p1.digest = "abc"
p1.digest_algorithm = "sha256"
# Some weird mode checks to ensure different length mode numbers are ok
# FS longer than pkg_db, but eq in match
fs_entry["mode"] = int("060755", 8)
p1.mode = int("0755", 8)
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# FS longer than pkg_db but not eq
fs_entry["mode"] = int("060754", 8)
p1.mode = int("0755", 8)
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
# FS shorter than pkg_db and match
fs_entry["mode"] = int("0755", 8)
p1.mode = int("060755", 8)
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# FS shorter than pkg_db and no match
fs_entry["mode"] = int("0755", 8)
p1.mode = int("060754", 8)
self.assertEqual(
VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry),
)
# Result == missing
# Check against no entry
self.assertEqual(
VerifyTrigger.VerificationStates.missing,
VerifyTrigger._diff_pkg_meta_and_file(p1, None),
)
# Check against empty entry
self.assertEqual(
VerifyTrigger.VerificationStates.missing,
VerifyTrigger._diff_pkg_meta_and_file(p1, {}),
)
def load_package_verification(self, analysis_report, image_obj):
"""
Loads package verification analysis data.
Adds the package db metadata records to respective packages in the image_obj
:param analysis_report:
:param image_obj:
:return: True on success
"""
log.info('Loading package verification data')
analyzer = 'file_package_verify'
pkgfile_meta = 'distro.pkgfilemeta'
verify_result = 'distro.verifyresult'
digest_algos = ['sha1', 'sha256', 'md5']
package_verify_json = analysis_report.get(analyzer)
if not package_verify_json:
return []
file_records = package_verify_json.get(pkgfile_meta,
{}).get('base', {})
verify_records = package_verify_json.get(verify_result,
{}).get('base', {})
# Re-organize the data from file-keyed to package keyed for efficient filtering
packages = {}
for path, file_meta in file_records.items():
for r in json.loads(file_meta):
pkg = r.pop('package')
if not pkg:
continue
if pkg not in packages:
packages[pkg] = {}
# Add the entry for the file in the package
packages[pkg][path] = r
for package in image_obj.packages:
pkg_entry = packages.get(package.name)
entries = []
if not pkg_entry:
continue
for f_name, entry in pkg_entry.items():
meta = ImagePackageManifestEntry()
meta.pkg_name = package.name
meta.pkg_version = package.version
meta.pkg_type = package.pkg_type
meta.pkg_arch = package.arch
meta.image_id = package.image_id
meta.image_user_id = package.image_user_id
meta.file_path = f_name
meta.digest_algorithm = entry.get('digestalgo')
meta.digest = entry.get('digest')
meta.file_user_name = entry.get('user')
meta.file_group_name = entry.get('group')
meta.is_config_file = entry.get('conffile')
m = entry.get('mode')
s = entry.get('size')
meta.mode = int(
m, 8
) if m is not None else m # Convert from octal to decimal int
meta.size = int(s) if s is not None else None
entries.append(meta)
package.pkg_db_entries = entries
return True
def test_db_pkg_compare(self):
"""
Test the pkg metadata diff function specifically.
:return:
"""
int_m = int('010755', 8)
p1 = ImagePackageManifestEntry()
p1.file_path = '/test1'
p1.is_config_file = False
p1.size = 1000
p1.mode = int_m
p1.digest = 'abc'
p1.digest_algorithm = 'sha256'
fs_entry = {
'is_packaged': True,
'name': '/test1',
'suid': None,
'entry_type': 'file',
'linkdst_fullpath': None,
'mode': int_m,
'othernames': [],
'sha256_checksum': 'abc',
'md5_checksum': 'def',
'sha1_checksum': 'abcdef',
'size': 1000
}
# Result == False
# Basic equal eval
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest = None
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest = 'abc'
# Is config file, skip comparison since expected to change
p1.is_config_file = True
p1.digest = 'blah123'
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.is_config_file = False
p1.digest = 'abc'
# sha1 diffs
p1.digest_algorithm = 'sha1'
p1.digest = 'abcdef'
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest_algorithm = 'sha256'
p1.digest = 'abc'
# Cannot compare due to missing digest types
p1.digest_algorithm = 'sha1'
f = fs_entry.pop('sha1_checksum')
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest_algorithm = 'sha256'
fs_entry['sha1_checksum'] = f
# Result == Changed
# Mode diffs
p1.mode = int_m + 1
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.mode = int_m
# Size diffs
p1.size = 1001
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.size = 1000
# Sha256 diffs
p1.digest = 'abd'
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# md5 diffs
p1.digest_algorithm = 'md5'
p1.digest = 'blah'
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# sha1 diffs
p1.digest_algorithm = 'sha1'
p1.digest = 'blah'
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
p1.digest = 'abc'
p1.digest_algorithm = 'sha256'
# Some weird mode checks to ensure different length mode numbers are ok
# FS longer than pkg_db, but eq in match
fs_entry['mode'] = int('060755', 8)
p1.mode = int('0755', 8)
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# FS longer than pkg_db but not eq
fs_entry['mode'] = int('060754', 8)
p1.mode = int('0755', 8)
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# FS shorter than pkg_db and match
fs_entry['mode'] = int('0755', 8)
p1.mode = int('060755', 8)
self.assertFalse(VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# FS shorter than pkg_db and no match
fs_entry['mode'] = int('0755', 8)
p1.mode = int('060754', 8)
self.assertEqual(VerifyTrigger.VerificationStates.changed,
VerifyTrigger._diff_pkg_meta_and_file(p1, fs_entry))
# Result == missing
# Check against no entry
self.assertEqual(VerifyTrigger.VerificationStates.missing,
VerifyTrigger._diff_pkg_meta_and_file(p1, None))
# Check against empty entry
self.assertEqual(VerifyTrigger.VerificationStates.missing,
VerifyTrigger._diff_pkg_meta_and_file(p1, {}))