Update test_api

Add tests for hash and length verification. Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
theupdateframework · Jun 11, 2021 · 22facb7 · 22facb7
1 parent 8710f8d
commit 22facb7
Showing 1 changed file with 64 additions and 4 deletions.
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -20,7 +20,7 @@
 
 from tests import utils
 
-import tuf.exceptions
+from tuf import exceptions
 from tuf.api.metadata import (
     Metadata,
     Root,
@@ -178,7 +178,7 @@ def test_sign_verify(self):
         self.assertTrue(len(metadata_obj.signatures) == 1)
         # ... which is valid for the correct key.
         targets_key.verify_signature(metadata_obj)
-        with self.assertRaises(tuf.exceptions.UnsignedMetadataError):
+        with self.assertRaises(exceptions.UnsignedMetadataError):
             snapshot_key.verify_signature(metadata_obj)
 
         sslib_signer = SSlibSigner(self.keystore['snapshot'])
@@ -197,7 +197,7 @@ def test_sign_verify(self):
         self.assertTrue(len(metadata_obj.signatures) == 1)
         # ... valid for that key.
         timestamp_key.verify_signature(metadata_obj)
-        with self.assertRaises(tuf.exceptions.UnsignedMetadataError):
+        with self.assertRaises(exceptions.UnsignedMetadataError):
             targets_key.verify_signature(metadata_obj)
 
 
@@ -280,7 +280,6 @@ def test_targetfile_class(self):
         targetfile_obj = TargetFile.from_dict(copy.copy(data))
         self.assertEqual(targetfile_obj.to_dict(), data)
 
-
     def test_metadata_snapshot(self):
         snapshot_path = os.path.join(
                 self.repo_dir, 'metadata', 'snapshot.json')
@@ -352,6 +351,7 @@ def test_metadata_timestamp(self):
         timestamp_test = Timestamp.from_dict(test_dict)
         self.assertEqual(timestamp_dict['signed'], timestamp_test.to_dict())
 
+
     def test_key_class(self):
         keys = {
             "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d":{
@@ -638,6 +638,66 @@ def test_support_for_unrecognized_fields(self):
                 metadata_obj.signed.to_dict(), metadata_obj2.signed.to_dict()
             )
 
+    def  test_length_and_hash_validation(self):
+
+        # Test metadata files' hash and length verification.
+        # Use timestamp to get a MetaFile object and snapshot
+        # for untrusted metadata file to verify.
+        timestamp_path = os.path.join(
+            self.repo_dir, 'metadata', 'timestamp.json')
+        timestamp = Metadata.from_file(timestamp_path)
+        snapshot_metafile = timestamp.signed.meta["snapshot.json"]
+
+        snapshot_path = os.path.join(
+            self.repo_dir, 'metadata', 'snapshot.json')
+
+        with open(snapshot_path, "rb") as file:
+            # test with  data as a file object
+            snapshot_metafile.verify_length_and_hashes(file)
+            file.seek(0)
+            data = file.read()
+            # test with data as bytes
+            snapshot_metafile.verify_length_and_hashes(data)
+
+            # test exceptions
+            expected_length = snapshot_metafile.length
+            snapshot_metafile.length = 2345
+            self.assertRaises(exceptions.LengthOrHashMismatchError,
+                snapshot_metafile.verify_length_and_hashes, data)
+
+            snapshot_metafile.length = expected_length
+            snapshot_metafile.hashes = {'sha256': 'incorrecthash'}
+            self.assertRaises(exceptions.LengthOrHashMismatchError,
+                snapshot_metafile.verify_length_and_hashes, data)
+
+            # test optional length and hashes
+            snapshot_metafile.length = None
+            snapshot_metafile.hashes = None
+            snapshot_metafile.verify_length_and_hashes(data)
+
+
+        # Test target files' hash and length verification
+        targets_path = os.path.join(
+            self.repo_dir, 'metadata', 'targets.json')
+        targets = Metadata.from_file(targets_path)
+        file1_targetfile = targets.signed.targets['file1.txt']
+        filepath = os.path.join(
+            self.repo_dir, 'targets', 'file1.txt')
+
+        with open(filepath, "rb") as file1:
+            file1_targetfile.verify_length_and_hashes(file1)
+
+            # test exceptions
+            expected_length = file1_targetfile.length
+            file1_targetfile.length = 2345
+            self.assertRaises(exceptions.LengthOrHashMismatchError,
+                file1_targetfile.verify_length_and_hashes, file1)
+
+            file1_targetfile.length = expected_length
+            file1_targetfile.hashes = {'sha256': 'incorrecthash'}
+            self.assertRaises(exceptions.LengthOrHashMismatchError,
+                file1_targetfile.verify_length_and_hashes, file1)
+
 
 # Run unit test.
 if __name__ == '__main__':