def test_update_unexpected_exception_git_refs(self, tmpdir, caplog):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
git_output = (b'gpg: Signature made Tue 13 Mar 2018 01:14:11 AM UTC\n'
b'gpg: using RSA key '
b'22245C81E3BAEB4138B36061310F561200F4AD77\n'
b'gpg: Good signature from "SecureDrop Release '
b'Signing Key" [unknown]\n')
patchers = [
mock.patch('securedrop_admin.check_for_updates',
return_value=(True, "0.6.1")),
mock.patch('subprocess.check_call'),
mock.patch('subprocess.check_output',
side_effect=[
git_output,
subprocess.CalledProcessError(
1, 'cmd', b'a random error')
]),
]
for patcher in patchers:
patcher.start()
try:
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Signature verification successful." not in caplog.text
assert "Updated to SecureDrop" not in caplog.text
assert ret_code == 1
finally:
for patcher in patchers:
patcher.stop()
def test_update_signature_verifies(self, tmpdir, caplog, git_output):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
patchers = [
mock.patch('securedrop_admin.check_for_updates',
return_value=(True, "0.6.1")),
mock.patch('subprocess.check_call'),
mock.patch('subprocess.check_output',
side_effect=[
git_output,
subprocess.CalledProcessError(
1, 'cmd', b'not a valid ref')
]),
]
for patcher in patchers:
patcher.start()
try:
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Signature verification successful." in caplog.text
assert "Updated to SecureDrop" in caplog.text
assert ret_code == 0
finally:
for patcher in patchers:
patcher.stop()
def test_update_exits_if_not_needed(self, tmpdir, caplog):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
with mock.patch('securedrop_admin.check_for_updates',
return_value=(False, "0.6.1")):
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Updated to SecureDrop" not in caplog.text
assert ret_code == 0
def test_no_signature_on_update(self, tmpdir, caplog):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
with mock.patch('securedrop_admin.check_for_updates',
return_value=(True, "0.6.1")):
with mock.patch('subprocess.check_call'):
with mock.patch('subprocess.check_output',
side_effect=subprocess.CalledProcessError(
1, 'git', 'error: no signature found')):
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Signature verification failed." in caplog.text
assert "Updated to SecureDrop" not in caplog.text
assert ret_code != 0
def test_update_malicious_key_named_good_sig(self, tmpdir, caplog):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
git_output = (b'gpg: Signature made Tue 13 Mar 2018 01:14:11 AM UTC\n'
b'gpg: using RSA key '
b'1234567812345678123456781234567812345678\n'
b'gpg: Good signature from Good signature from '
b'"SecureDrop Release Signing Key" [unknown]\n')
with mock.patch('securedrop_admin.check_for_updates',
return_value=(True, "0.6.1")):
with mock.patch('subprocess.check_call'):
with mock.patch('subprocess.check_output',
return_value=git_output):
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Signature verification failed." in caplog.text
assert "Updated to SecureDrop" not in caplog.text
assert ret_code != 0
def test_update_signature_does_not_verify(self, tmpdir, caplog):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
git_output = (b'gpg: Signature made Tue 13 Mar 2018 01:14:11 AM UTC\n'
b'gpg: using RSA key '
b'22245C81E3BAEB4138B36061310F561200F4AD77\n'
b'gpg: BAD signature from "SecureDrop Release '
b'Signing Key" [unknown]\n')
with mock.patch('securedrop_admin.check_for_updates',
return_value=(True, "0.6.1")):
with mock.patch('subprocess.check_call'):
with mock.patch('subprocess.check_output',
return_value=git_output):
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Signature verification failed." in caplog.text
assert "Updated to SecureDrop" not in caplog.text
assert ret_code != 0
def test_update_malicious_key_named_fingerprint(self, tmpdir, caplog):
git_repo_path = str(tmpdir)
args = argparse.Namespace(root=git_repo_path)
git_output = (b"gpg: Signature made Tue 13 Mar 2018 01:14:11 AM UTC\n"
b"gpg: using RSA key "
b"1234567812345678123456781234567812345678\n"
b'gpg: Good signature from "22245C81E3BAEB4138'
b'B36061310F561200F4AD77" [unknown]\n')
with mock.patch("securedrop_admin.check_for_updates",
return_value=(True, "0.6.1")):
with mock.patch("subprocess.check_call"):
with mock.patch("subprocess.check_output",
return_value=git_output):
ret_code = securedrop_admin.update(args)
assert "Applying SecureDrop updates..." in caplog.text
assert "Signature verification failed." in caplog.text
assert "Updated to SecureDrop" not in caplog.text
assert ret_code != 0
