ngclient: use MetaFile/TargetFile verification #1467
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use MetaFile.verify_length_and_hashes during snapshot and targets verification in TrustedMetadataSet. Remove pylint: disable=too-many-branches. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
sechkova
force-pushed
the
use-api-hash-verification
branch
from
f8ecac8
to
3f18151
Compare
|
Rebased on |
jku
reviewed
Jul 5, 2021
There was a problem hiding this comment.
Looks good I think. Handling the exception just to raise again is a bit annoying but ... also probably correct:
- in these cases we do want to raise a RepositoryError -- client has no way to "handle" this error
- but other cases might be different (like if client itself was testing a cached file)
just on one question: what about the targetfile check in updated_targets()? it's a bit different case but should be able to use the same methods
tuf/ngclient/updater.py
Outdated
| @@ -205,17 +205,21 @@ def download_target( | |||
| else: | |||
| target_base_url = _ensure_trailing_slash(target_base_url) | |||
|
|
|||
| full_url = parse.urljoin(target_base_url, targetinfo["filepath"]) | |||
| target_filepath = targetinfo["filepath"] | |||
| target_fileinfo = targetinfo["fileinfo"] | |||
There was a problem hiding this comment.
Suggested change
| target_fileinfo = targetinfo["fileinfo"] | |
| target_fileinfo:TargetFile = targetinfo["fileinfo"] |
the real fix would be fixing the targetinfo argument type but this helps typing in the mean time
Replace Updater._check_file_lenght and Updater._check_hashes_obj with TargetFile.verify_length_and_hashes. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
Remove the hash check and call TargetFile.verify_length_and_hashes instead. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
sechkova
force-pushed
the
use-api-hash-verification
branch
from
3f18151
to
1b28604
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1410
Description of the changes being introduced by the pull request:
Use the newly added MetaFile/TargetFile.verify_length_and_hashes in the ngclient workflow.
Please verify and check that the pull request fulfills the following
requirements: