Переглянути джерело

rename testcase to mention CVE number, make the code more consistent with
the rest and add some more tests (by fixing commented ones)

David Kalnischkies 13 роки тому
батько
коміт
34747d46be

+ 61 - 0
test/integration/test-cve-2013-1051-InRelease-parsing

@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'stable' 'good-pkg' 'all' '1.0'
+
+setupaptarchive
+
+changetowebserver
+ARCHIVE='http://localhost/'
+msgtest 'Initial apt-get update should work with' 'InRelease'
+aptget update -qq && msgpass || msgfail
+
+# check that the setup is correct
+testequal "good-pkg:
+  Installed: (none)
+  Candidate: 1.0
+  Version table:
+     1.0 0
+        500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg
+
+# now exchange to the Packages file, note that this could be
+# done via MITM too
+insertpackage 'stable' 'bad-mitm' 'all' '1.0'
+
+# this builds compressed files and a new (unsigned) Release
+buildaptarchivefromfiles '+1hour'
+
+# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
+# to trick apt - this is still legal to gpg(v)
+sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/  /g'  aptarchive/dists/stable/InRelease
+
+# we append the (evil unsigned) Release file to the (good signed) InRelease
+cat aptarchive/dists/stable/Release >> aptarchive/dists/stable/InRelease
+
+
+# ensure the update fails
+# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
+msgtest 'apt-get update for should fail with the modified' 'InRelease'
+aptget update 2>&1 | grep -q 'Hash Sum mismatch' > /dev/null && msgpass || msgfail
+
+# ensure there is no package
+testequal 'Reading package lists...
+Building dependency tree...
+E: Unable to locate package bad-mitm' aptget install bad-mitm -s
+
+# and verify that its not picked up
+testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm -q=0
+
+# and that the right one is used
+testequal "good-pkg:
+  Installed: (none)
+  Candidate: 1.0
+  Version table:
+     1.0 0
+        500 ${ARCHIVE} stable/main i386 Packages" aptcache policy good-pkg

+ 0 - 80
test/integration/test-inrelease-verification-fail

@@ -1,80 +0,0 @@
-#!/bin/sh
-
-set -e
-
-TESTDIR=$(readlink -f $(dirname $0))
-. $TESTDIR/framework
-
-setupenvironment
-configarchitecture "i386"
-
-buildsimplenativepackage 'good-pkg' 'all' '1.0' 'stable'
-
-setupaptarchive
-
-# now exchange to the Packages file, note that this could be 
-# done via MITM too
-cat > aptarchive/dists/stable/main/binary-i386/Packages <<EOF
-Package: bad-mitm
-Installed-Size: 108
-Architecture: all
-Version: 0.5-3
-Filename: pool/bad-mitm.deb
-Size: 14348
-SHA256: e9b9a3859940c5882b35d56c0097667e552d87b662778c2c451fe6db657b0519
-Description: Evil package
-EOF
-for pair in "gzip:gz"  "bzip2:bz2"  "lzma:lzma"  "xz:xz"; do
-    compressor=$(echo $pair|cut -f1 -d:)
-    extension=$(echo $pair|cut -f2 -d:)
-    $compressor -c aptarchive/dists/stable/main/binary-i386/Packages > aptarchive/dists/stable/main/binary-i386/Packages.$extension
-done
-
-# add a space into the BEGIN PGP SIGNATURE PART/END PGP SIGNATURE part
-# to trick apt - this is still legal to gpg(v)
-sed -i '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/ s/^$/  /g'  aptarchive/dists/stable/InRelease
-
-# and append our own hashes for the modified Packages files
-cat >> aptarchive/dists/stable/InRelease <<EOF
-Origin: Ansgar
-Codename: evilevil
-Suite: stable
-Date: Sun, 03 Jun 2012 13:26:11 UTC
-Architectures: i386
-Components: main
-SHA512:
-EOF
-for comp in "" ".gz" ".bz2" ".xz" ".lzma"; do
- # Packages
- s="$(sha512sum aptarchive/dists/stable/main/binary-i386/Packages$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/binary-i386/Packages$comp) main/binary-i386/Packages$comp"
- echo " $s" >> aptarchive/dists/stable/InRelease
- # Sources
- s="$(sha512sum aptarchive/dists/stable/main/source/Sources$comp | cut -f1 -d' ') $(stat -c %s aptarchive/dists/stable/main/source/Sources$comp) main/source/Sources$comp"
- echo " $s" >> aptarchive/dists/stable/InRelease
-done;
-
-# deliver this
-changetowebserver
-
-# ensure the update fails 
-# useful for debugging to add "-o Debug::pkgAcquire::auth=true"
-if aptget update -qq; then
-    msgfail "apt-get update should NOT work for MITM"
-    exit 1
-fi
-
-# ensure there is no package
-testequal 'Reading package lists...
-Building dependency tree...
-E: Unable to locate package bad-mitm' aptget install bad-mitm
-
-# and verify that its not picked up
-#testequal 'N: Unable to locate package bad-mitm' aptcache policy bad-mitm
-
-# and that the right one is used
-#testequal 'good-pkg:
-#+  Installed: (none)
-#+  Candidate: 1.0
-#+  Version table:
-#+     1.0 0
-#+        500 http://localhost/ stable/main i386 Packages' aptcache policy good-pkg