From ddb5518c6d57adce14fb5f7665d219778e642c53 Mon Sep 17 00:00:00 2001 From: koplas <54645365+koplas@users.noreply.github.com> Date: Tue, 17 Sep 2024 10:45:25 +0200 Subject: [PATCH] Extend SHA marking tests --- cmd/csaf_downloader/config.go | 4 +- cmd/csaf_downloader/downloader.go | 4 +- cmd/csaf_downloader/downloader_test.go | 111 ++++++++++++++++-- .../provider-metadata.json | 8 +- .../avendor-advisory-0004-not-listed.json | 12 +- .../white/avendor-advisory-0004.json | 12 +- .../white/avendor-advisory-0004.json.asc | 8 +- .../white/avendor-advisory-0004.json.sha256 | 2 +- .../white/avendor-advisory-0004.json.sha512 | 2 +- .../white/changes.csv | 2 +- .../white/avendor-advisory-0004.json | 12 +- .../white/avendor-advisory-0004.json.asc | 8 +- .../white/avendor-advisory-0004.json.sha256 | 2 +- .../white/avendor-advisory-0004.json.sha512 | 2 +- 14 files changed, 143 insertions(+), 46 deletions(-) diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index 71c50556..0f9ed1fa 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -44,8 +44,8 @@ const ( type hashAlgorithm string const ( - algSha256 = hashAlgorithm("SHA256") - algSha2512 = hashAlgorithm("SHA512") + algSha256 = hashAlgorithm("sha256") + algSha512 = hashAlgorithm("sha512") ) type config struct { diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index 29368991..ddaf3952 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -502,7 +502,7 @@ nextAdvisory: signData []byte ) - if (d.cfg.PreferredHash != "sha512" || file.SHA512URL() == "") && file.SHA256URL() != "" { + if (d.cfg.PreferredHash != algSha512 || file.SHA512URL() == "") && file.SHA256URL() != "" { // Only hash when we have a remote counterpart we can compare it with. if remoteSHA256, s256Data, err = loadHash(client, file.SHA256URL()); err != nil { if !file.IsDirectory() { @@ -518,7 +518,7 @@ nextAdvisory: } } - if (d.cfg.PreferredHash != "sha256" || file.SHA256URL() == "") && file.SHA512URL() != "" { + if (d.cfg.PreferredHash != algSha256 || file.SHA256URL() == "") && file.SHA512URL() != "" { if remoteSHA512, s512Data, err = loadHash(client, file.SHA512URL()); err != nil { if !file.IsDirectory() { slog.Warn("Cannot fetch SHA512", diff --git a/cmd/csaf_downloader/downloader_test.go b/cmd/csaf_downloader/downloader_test.go index 2039c6a8..cf020355 100644 --- a/cmd/csaf_downloader/downloader_test.go +++ b/cmd/csaf_downloader/downloader_test.go @@ -10,6 +10,7 @@ package main import ( "context" + "errors" "html/template" "log/slog" "net/http" @@ -53,6 +54,12 @@ func ProviderHandler(params *ProviderParams, directoryProvider bool) http.Handle w.Header().Add("Content-Type", "text/html") case strings.HasSuffix(path, ".json"): w.Header().Add("Content-Type", "application/json") + case strings.HasSuffix(path, ".sha256") && directoryProvider && !params.EnableSha256: + w.WriteHeader(http.StatusNotFound) + return + case strings.HasSuffix(path, ".sha512") && directoryProvider && !params.EnableSha512: + w.WriteHeader(http.StatusNotFound) + return default: w.Header().Add("Content-Type", "text/plain") } @@ -62,22 +69,97 @@ func ProviderHandler(params *ProviderParams, directoryProvider bool) http.Handle w.WriteHeader(http.StatusInternalServerError) return } - tmplt.Execute(w, params) + err = tmplt.Execute(w, params) + if err != nil { + w.WriteHeader(http.StatusInternalServerError) + return + } }) } +func checkIfFileExists(path string, t *testing.T) bool { + if _, err := os.Stat(path); err == nil { + return true + } else if errors.Is(err, os.ErrNotExist) { + return false + } else { + t.Fatalf("Failed to check if file exists: %v", err) + return false + } +} + func TestShaMarking(t *testing.T) { tests := []struct { name string directoryProvider bool wantSha256 bool wantSha512 bool + enableSha256 bool + enableSha512 bool + preferredHash hashAlgorithm }{ { name: "want sha256 and sha512", directoryProvider: false, wantSha256: true, wantSha512: true, + enableSha256: true, + enableSha512: true, + }, + { + name: "only want sha256", + directoryProvider: false, + wantSha256: true, + wantSha512: false, + enableSha256: true, + enableSha512: true, + preferredHash: algSha256, + }, + { + name: "only want sha512", + directoryProvider: false, + wantSha256: false, + wantSha512: true, + enableSha256: true, + enableSha512: true, + preferredHash: algSha512, + }, + { + name: "only want sha512", + directoryProvider: false, + wantSha256: false, + wantSha512: true, + enableSha256: true, + enableSha512: true, + preferredHash: algSha512, + }, + + { + name: "only deliver sha256", + directoryProvider: false, + wantSha256: true, + wantSha512: false, + enableSha256: true, + enableSha512: false, + preferredHash: algSha512, + }, + { + name: "only want sha256, directory provider", + directoryProvider: true, + wantSha256: true, + wantSha512: false, + enableSha256: true, + enableSha512: true, + preferredHash: algSha256, + }, + { + name: "only want sha512, directory provider", + directoryProvider: true, + wantSha256: false, + wantSha512: true, + enableSha256: true, + enableSha512: true, + preferredHash: algSha512, }, } @@ -89,8 +171,8 @@ func TestShaMarking(t *testing.T) { serverURL := "" params := ProviderParams{ URL: "", - EnableSha256: true, - EnableSha512: true, + EnableSha256: test.enableSha256, + EnableSha512: test.enableSha512, } server := httptest.NewTLSServer(ProviderHandler(¶ms, test.directoryProvider)) defer server.Close() @@ -102,19 +184,34 @@ func TestShaMarking(t *testing.T) { client := util.Client(hClient) tempDir := t.TempDir() - cfg := config{LogLevel: &options.LogLevel{Level: slog.LevelDebug}, Directory: tempDir} - cfg.prepare() + cfg := config{LogLevel: &options.LogLevel{Level: slog.LevelDebug}, Directory: tempDir, PreferredHash: test.preferredHash} + err := cfg.prepare() + if err != nil { + t.Fatalf("SHA marking config failed: %v", err) + } d, err := newDownloader(&cfg) if err != nil { t.Fatalf("could not init downloader: %v", err) } - defer d.close() d.client = &client ctx := context.Background() err = d.run(ctx, []string{serverURL + "/provider-metadata.json"}) if err != nil { - t.Errorf("SHA marking: Expected no error, got: %v", err) + t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err) + } + d.close() + + // Check for downloaded hashes + sha256Exists := checkIfFileExists(tempDir+"/white/2020/avendor-advisory-0004.json.sha256", t) + sha512Exists := checkIfFileExists(tempDir+"/white/2020/avendor-advisory-0004.json.sha512", t) + + if sha256Exists != test.wantSha256 { + t.Errorf("%v: expected sha256 hash present to be %v, got: %v", test.name, test.wantSha256, sha256Exists) + } + + if sha512Exists != test.wantSha512 { + t.Errorf("%v: expected sha512 hash present to be %v, got: %v", test.name, test.wantSha512, sha512Exists) } }) } diff --git a/testdata/simple-directory-provider/provider-metadata.json b/testdata/simple-directory-provider/provider-metadata.json index 95415050..792afd32 100644 --- a/testdata/simple-directory-provider/provider-metadata.json +++ b/testdata/simple-directory-provider/provider-metadata.json @@ -1,18 +1,18 @@ { - "canonical_url": "/provider-metadata.json", + "canonical_url": "{{.URL}}/provider-metadata.json", "distributions": [ { - "directory_url": "/white/" + "directory_url": "{{.URL}}/white/" } ], - "last_updated": "2020-00-00T00:00:00Z", + "last_updated": "2020-01-01T00:00:00Z", "list_on_CSAF_aggregators": true, "metadata_version": "2.0", "mirror_on_CSAF_aggregators": true, "public_openpgp_keys": [ { "fingerprint": "A8914CA2F11139C6A69A0018FB3CD9B15DE61596", - "url": "/openpgp/pubkey.asc" + "url": "{{.URL}}/openpgp/pubkey.asc" } ], "publisher": { diff --git a/testdata/simple-directory-provider/white/avendor-advisory-0004-not-listed.json b/testdata/simple-directory-provider/white/avendor-advisory-0004-not-listed.json index 5149f35d..0e194e9f 100644 --- a/testdata/simple-directory-provider/white/avendor-advisory-0004-not-listed.json +++ b/testdata/simple-directory-provider/white/avendor-advisory-0004-not-listed.json @@ -22,19 +22,19 @@ }, "title": "Test CSAF document", "tracking": { - "current_release_date": "2020-00-00T00:00:00Z", + "current_release_date": "2020-01-01T00:00:00Z", "generator": { - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "engine": { "name": "csaf-tool", "version": "0.3.2" } }, "id": "Avendor-advisory-0004", - "initial_release_date": "2020-00-00T00:00:00Z", + "initial_release_date": "2020-01-01T00:00:00Z", "revision_history": [ { - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "number": "1", "summary": "Initial version" } @@ -140,7 +140,7 @@ { "category": "impact", "details": "Customers should upgrade to the latest version of the product", - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "product_ids": ["CSAFPID_0001"] } ] @@ -161,7 +161,7 @@ { "category": "impact", "details": "Still under investigation", - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "product_ids": ["CSAFPID_0001"] } ] diff --git a/testdata/simple-directory-provider/white/avendor-advisory-0004.json b/testdata/simple-directory-provider/white/avendor-advisory-0004.json index 5149f35d..0e194e9f 100644 --- a/testdata/simple-directory-provider/white/avendor-advisory-0004.json +++ b/testdata/simple-directory-provider/white/avendor-advisory-0004.json @@ -22,19 +22,19 @@ }, "title": "Test CSAF document", "tracking": { - "current_release_date": "2020-00-00T00:00:00Z", + "current_release_date": "2020-01-01T00:00:00Z", "generator": { - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "engine": { "name": "csaf-tool", "version": "0.3.2" } }, "id": "Avendor-advisory-0004", - "initial_release_date": "2020-00-00T00:00:00Z", + "initial_release_date": "2020-01-01T00:00:00Z", "revision_history": [ { - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "number": "1", "summary": "Initial version" } @@ -140,7 +140,7 @@ { "category": "impact", "details": "Customers should upgrade to the latest version of the product", - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "product_ids": ["CSAFPID_0001"] } ] @@ -161,7 +161,7 @@ { "category": "impact", "details": "Still under investigation", - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "product_ids": ["CSAFPID_0001"] } ] diff --git a/testdata/simple-directory-provider/white/avendor-advisory-0004.json.asc b/testdata/simple-directory-provider/white/avendor-advisory-0004.json.asc index c36be128..9dff47ba 100644 --- a/testdata/simple-directory-provider/white/avendor-advisory-0004.json.asc +++ b/testdata/simple-directory-provider/white/avendor-advisory-0004.json.asc @@ -1,7 +1,7 @@ -----BEGIN PGP SIGNATURE----- -iHUEABYKAB0WIQSokUyi8RE5xqaaABj7PNmxXeYVlgUCZuftaAAKCRD7PNmxXeYV -lh/FAP90NaBzCYu9JpIuqvG8MZegVLpc85P6AeeMPU5W6dRHJwD/eQzrfy0TzAZ2 -q6xmpih4scq9j8frOjoH40w3rAByoQc= -=EhZh +iHUEABYKAB0WIQSokUyi8RE5xqaaABj7PNmxXeYVlgUCZukv9QAKCRD7PNmxXeYV +ljq0AP9n/rTgoNCJzSTZzNrrMy28ZR+Ppp1MSPWGFUzsx6qLJgD/d8cu0lokMsXf +y0uc9k7hrla/ajFUzNt3AVvT+CPFtAo= +=7E66 -----END PGP SIGNATURE----- diff --git a/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha256 b/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha256 index 7547b855..851b27c6 100644 --- a/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha256 +++ b/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha256 @@ -1 +1 @@ -ab1995c322f4b7905b79d78646fd8774900e27ac0b00128e892cd84cee1f17e2 avendor-advisory-0004.json +cb263bf1beab18b893de63f2966d0d8c5f38d60101c24d3fd7a5feebaad02c3b avendor-advisory-0004.json diff --git a/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha512 b/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha512 index b34356ec..6703550d 100644 --- a/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha512 +++ b/testdata/simple-directory-provider/white/avendor-advisory-0004.json.sha512 @@ -1 +1 @@ -8a7dd7d1247f510a59c26bf6f973ff4c3a8d37c5a69fd361aa7cc7cf06a38a8ef096e4f2f09b75269ad2b1cc99179381a63c7c731e5e492a9647ba0452255b37 avendor-advisory-0004.json +39476e1d08a0871d166091c90de259544382a3599eebda118a93468499a30fd034286086c461a97d3d5298e093b0be3868e8d89d8a6a255c4aa6adb81ebbfcad avendor-advisory-0004.json diff --git a/testdata/simple-directory-provider/white/changes.csv b/testdata/simple-directory-provider/white/changes.csv index c0b7eb31..4acdb290 100644 --- a/testdata/simple-directory-provider/white/changes.csv +++ b/testdata/simple-directory-provider/white/changes.csv @@ -1 +1 @@ -"avendor-advisory-0004.json","2020-00-00T00:00:00+00:00" +"avendor-advisory-0004.json","2020-01-01T00:00:00+00:00" diff --git a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json index 5149f35d..0e194e9f 100644 --- a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json +++ b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json @@ -22,19 +22,19 @@ }, "title": "Test CSAF document", "tracking": { - "current_release_date": "2020-00-00T00:00:00Z", + "current_release_date": "2020-01-01T00:00:00Z", "generator": { - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "engine": { "name": "csaf-tool", "version": "0.3.2" } }, "id": "Avendor-advisory-0004", - "initial_release_date": "2020-00-00T00:00:00Z", + "initial_release_date": "2020-01-01T00:00:00Z", "revision_history": [ { - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "number": "1", "summary": "Initial version" } @@ -140,7 +140,7 @@ { "category": "impact", "details": "Customers should upgrade to the latest version of the product", - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "product_ids": ["CSAFPID_0001"] } ] @@ -161,7 +161,7 @@ { "category": "impact", "details": "Still under investigation", - "date": "2020-00-00T00:00:00Z", + "date": "2020-01-01T00:00:00Z", "product_ids": ["CSAFPID_0001"] } ] diff --git a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.asc b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.asc index c36be128..9dff47ba 100644 --- a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.asc +++ b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.asc @@ -1,7 +1,7 @@ -----BEGIN PGP SIGNATURE----- -iHUEABYKAB0WIQSokUyi8RE5xqaaABj7PNmxXeYVlgUCZuftaAAKCRD7PNmxXeYV -lh/FAP90NaBzCYu9JpIuqvG8MZegVLpc85P6AeeMPU5W6dRHJwD/eQzrfy0TzAZ2 -q6xmpih4scq9j8frOjoH40w3rAByoQc= -=EhZh +iHUEABYKAB0WIQSokUyi8RE5xqaaABj7PNmxXeYVlgUCZukv9QAKCRD7PNmxXeYV +ljq0AP9n/rTgoNCJzSTZzNrrMy28ZR+Ppp1MSPWGFUzsx6qLJgD/d8cu0lokMsXf +y0uc9k7hrla/ajFUzNt3AVvT+CPFtAo= +=7E66 -----END PGP SIGNATURE----- diff --git a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha256 b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha256 index 7547b855..851b27c6 100644 --- a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha256 +++ b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha256 @@ -1 +1 @@ -ab1995c322f4b7905b79d78646fd8774900e27ac0b00128e892cd84cee1f17e2 avendor-advisory-0004.json +cb263bf1beab18b893de63f2966d0d8c5f38d60101c24d3fd7a5feebaad02c3b avendor-advisory-0004.json diff --git a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha512 b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha512 index b34356ec..6703550d 100644 --- a/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha512 +++ b/testdata/simple-rolie-provider/white/avendor-advisory-0004.json.sha512 @@ -1 +1 @@ -8a7dd7d1247f510a59c26bf6f973ff4c3a8d37c5a69fd361aa7cc7cf06a38a8ef096e4f2f09b75269ad2b1cc99179381a63c7c731e5e492a9647ba0452255b37 avendor-advisory-0004.json +39476e1d08a0871d166091c90de259544382a3599eebda118a93468499a30fd034286086c461a97d3d5298e093b0be3868e8d89d8a6a255c4aa6adb81ebbfcad avendor-advisory-0004.json