Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add unusual rolename tests #138

Merged
merged 6 commits into from
Aug 14, 2024
Merged

Add unusual rolename tests #138

merged 6 commits into from
Aug 14, 2024

Conversation

jku
Copy link
Member

@jku jku commented Aug 13, 2024
edited
Loading

These tests are useful in codifying some expectations on how to handle weird rolenames. I wouldn't be surprised if some clients want to skip this test but the "../delegatedrole" case comes from an actual security issue we've had (file traversal when storing the metadata).

This also enables #137 although I did not replace usage of _file_exist() yet -- I'm not sure if the new trusted_roles(self) is the right API?

jku added 3 commits August 13, 2024 17:58
@jku
python client: Add logging levels
99fb9a7 
Use "-vvv" to do debug logging.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
ClientRunner: Make it easier to see all trusted roles
0f0e002 
We can't 100% know what filenames the client uses: so tests can't
always ask "is this role trusted?" but have to look at whole list.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.�com>
@jku
WIP: Add some tests for tricky rolenames
b33f2d7 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku mentioned this pull request Aug 13, 2024
Open
@jku

This comment was marked as outdated.

Sign in to view
@jku jku marked this pull request as draft August 13, 2024 15:19
@jku
SimulatorServer: Use safe rolename for dump dir name
b75834a 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku marked this pull request as ready for review August 13, 2024 15:36
@jku jku mentioned this pull request Aug 13, 2024
Closed
jku
jku commented Aug 13, 2024
View reviewed changes
tuf_conformance/client_runner.py Outdated Show resolved Hide resolved
@jku jku mentioned this pull request Aug 14, 2024
Open
jku added 2 commits August 14, 2024 17:06
@jku
Remove obsolete comment
1340b33 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
Chaneg ClientRunner.trusted_roles return value
92929b4 
This matches metadata_statstics in repository simulator.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
Copy link
Member Author

jku commented Aug 14, 2024

This also enables #137 although I did not replace usage of _file_exist() yet -- I'm not sure if the new trusted_roles(self) is the right API?

I did not change the existing uses yet but I think trusted_roles() looks ok to me now -- it's the same as RepositorySimulator.metadata_statistics, except it's not sorted by time: mtime did not seem accurate enough since the files are written very quickly. So it is sorted by alpha.

@jku jku requested a review from AdamKorcz August 14, 2024 14:13
@AdamKorcz AdamKorcz merged commit c26f0c1 into theupdateframework:main Aug 14, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AdamKorcz AdamKorcz AdamKorcz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jku @AdamKorcz