Пример #1
0
 def test__4_1(self):
     ''' Verify normalize() result when input is absolute path '''
     self.assertEqual(utils_path.normalize('/foo/bar/../baz'),
                      ''.join([os.sep, 'foo', os.sep, 'baz']))
     self.assertEqual(utils_path.normalize('/foo/bar/../../baz'),
                      ''.join([os.sep, 'baz']))
     self.assertEqual(utils_path.normalize('/foo/bar/../../../baz'),
                      ''.join([os.sep, 'baz']))
     self.assertEqual(utils_path.normalize('/foo/bar/../../../../baz'),
                      ''.join([os.sep, 'baz']))
Пример #2
0
    def test__4_2__and__4_3(self):
        ''' Verify normalize() result when input is relative path '''

        # 4.2 the starting node is the parent of foo
        self.assertEqual(utils_path.normalize('foo/bar/../baz'),
                         os.sep.join(['foo', 'baz']))
        self.assertEqual(utils_path.normalize('foo/bar/../../baz'),
                         'baz')

        # 4.3 the starting node is ABOVE the parent of foo
        self.assertEqual(utils_path.normalize('foo/bar/../../../baz'),
                         os.sep.join(['..', 'baz']))
        self.assertEqual(utils_path.normalize('foo/bar/../../../../baz'),
                         os.sep.join(['..', '..', 'baz']))
Пример #3
0
def dgst_verify(signature, tarball, key=None):

    '''
     Call OpenSSL to verify the signature.  The public key
     is ``VERSIONDIR/pubkey.pem``.  We assume the signature
     algorithm is SHA256.
    '''

    if not utils_hier.OPENSSL:
        raise RuntimeError('updater_verify: No OPENSSL defined')
    if not key:
        key = os.sep.join([utils_hier.VERSIONDIR, 'pubkey.pem'])

    #
    # By default subprocess.call() does not invoke the shell and
    # passes the command line to execve().  We set the command to
    # invoke and many arguments, but the caller "controls" some
    # other arguments.  In the common case, when we're invoked by
    # updater_runner.py, arguments are verified.  Still, for
    # additional correctness, here we also make sure we receive
    # file names below BASEDIR.
    #
    # TODO Here we can be even more paranoid^H^H obsessed by
    # correctness, and we can check (a) that we have received
    # normalized paths and (b) that signature, tarball, and
    # key follow certain patterns.
    #
    for path in (signature, tarball, key):
        path = utils_path.normalize(path)
        if not path.startswith(utils_hier.BASEDIR):
            raise RuntimeError('updater_verify: passed path outside of BASEDIR')

    #
    # We control the file names, typically.  If they're not controlled,
    # above there is code that restricts them inside BASEDIR.  Note that
    # the ``-verify`` switch should ensure that files are read and checked,
    # and not written.  Still, files we are going to verify may have
    # been crafted to crash openssl and run arbitratry code.  For this
    # reason, I wonder whether it makes sense to run the openssl subpro-
    # cess with reduced privileges.
    #
    cmdline = [utils_hier.OPENSSL, 'dgst', '-sha256', '-verify', key,
               '-signature', signature, tarball]

    __logging_info('updater_verify: exec: %s', str(cmdline))

    retval = subprocess.call(cmdline)

    if retval != 0:
        raise RuntimeError('updater_verify: signature does not match')
Пример #4
0
 def test__3(self):
     ''' Make sure that normalize() converts / to \\ on windows '''
     if os.name == 'nt':
         self.assertEqual(utils_path.normalize('foo/bar'), r'foo\bar')
Пример #5
0
 def test__2(self):
     ''' Make sure that normalize() simplifies redundant up-level refs '''
     self.assertEqual(utils_path.normalize('/foo/bar/../baz'),
                      os.sep.join(['', 'foo', 'baz']))
Пример #6
0
 def test__1(self):
     ''' Make sure that normalize() collapses multiple slashes '''
     self.assertEqual(utils_path.normalize('/foo////bar'),
                      os.sep.join(['', 'foo', 'bar']))