From 6d1f6390c32a99515c817844c696e09cbd0a8e4c Mon Sep 17 00:00:00 2001
From: DarkFeather
Date: Sat, 7 Dec 2019 11:22:09 -0600
Subject: [PATCH] Updates to add testing by default; portability fixes
---
.gitignore | 1 +
hooks/.gitignore | 1 +
hooks/pre-commit | 48 ++++++++++++++++++++++++++++++++++++
tests/test_warrant_canary.py | 33 +++++++++++++++++++++++++
warrant_canary | 17 ++++++++++---
5 files changed, 97 insertions(+), 3 deletions(-)
create mode 100644 .gitignore
create mode 100644 hooks/.gitignore
create mode 100755 hooks/pre-commit
create mode 100644 tests/test_warrant_canary.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fb74ddf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+tests/__pycache__/
diff --git a/hooks/.gitignore b/hooks/.gitignore
new file mode 100644
index 0000000..1bbf394
--- /dev/null
+++ b/hooks/.gitignore
@@ -0,0 +1 @@
+tests/__pycache__
diff --git a/hooks/pre-commit b/hooks/pre-commit
new file mode 100755
index 0000000..00a7ecb
--- /dev/null
+++ b/hooks/pre-commit
@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments. The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+ against=HEAD
+else
+ # Initial commit: diff against an empty tree object
+ against=$(git hash-object -t tree /dev/null)
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+ # Note that the use of brackets around a tr range is ok here, (it's
+ # even required, for portability to Solaris 10's /usr/bin/tr), since
+ # the square bracket bytes happen to fall in the designated range.
+ test $(git diff --cached --name-only --diff-filter=A -z $against |
+ LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+ cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+ git config hooks.allownonascii true
+EOF
+ exit 1
+fi
+
+exec python3 -m pytest
diff --git a/tests/test_warrant_canary.py b/tests/test_warrant_canary.py
new file mode 100644
index 0000000..7d46afb
--- /dev/null
+++ b/tests/test_warrant_canary.py
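Review bot: The closing `exec python3 -m pytest` runs the suite against the working tree rather than the staged index, so a commit can pass because of unstaged edits or fail because of unrelated ones. It also makes every commit depend on network access, because the suite added in this commit includes a test that fetches a canary and a key from remote hosts. The header comment is still the stock sample text ("An example hook script", "rename this file to pre-commit") and does not say how a hook kept under `hooks/` gets enabled. I would replace it with something like `# Runs the ASCII-filename check and the pytest suite; enable with: git config core.hooksPath hooks`.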
@@ -0,0 +1,33 @@
+import pytest
+import shutil
+import subprocess
+
+def test_warrant_canary_usage():
+ ### Ensure that the script provides output.
+ procState=subprocess.run(['./warrant_canary','-h'],capture_output=True,timeout=3)
+ assert procState.returncode == 0 and procState.stderr == b''
+
+def test_warrant_canary_seed():
+ ### Test that we can seed a warrant canary file
+ # procState=subprocess.run(['./warrant_canary','-s'],capture_output=True,timeout=3)
+ try:
+ with open('canary.asc') as fh:
+ # assert procState.returncode == 0 and procState.stderr == b'' and 'BEGIN PGP SIGNATURE' in fh.read() and b'Success' in procState.stderr
+ assert 'BEGIN PGP SIGNATURE' in fh.read()
+ except:
+ assert False
+
+def test_warrant_canary_basic_verify():
+ ### Test that we can verify with no arguments
+ procState=subprocess.run(['./warrant_canary','-V'],capture_output=True,timeout=3)
+ assert procState.returncode == 0 and procState.stderr == b'' and b'Good signature' in procState.stdout
+
+def test_warrant_canary_file_verify():
+ ### Test that we can verify with a file
+ procState=subprocess.run(['./warrant_canary','-c','./canary.asc','-V'],capture_output=True,timeout=3)
+ assert procState.returncode == 0 and procState.stderr == b'' and b'Good signature' in procState.stdout
+
+def test_warrant_canary_url_verify():
+ ### Test that we can verify with a web address
+ procState=subprocess.run(['./warrant_canary','-c','https://cryptostorm.is/canary.txt','-k','E9C7C942','-K','pgp.mit.edu','-V'],capture_output=True,timeout=30)
+ assert procState.returncode == 0 and procState.stderr == b'' and b'Good signature' in procState.stdout
diff --git a/warrant_canary b/warrant_canary
index 14bf992..5b5aaac 100755
--- a/warrant_canary
+++ b/warrant_canary
@@ -1,7 +1,5 @@ #!/bin/bash -source /opt/aninix/Uniglot/Bash/header - unset canaryText # cscanary=https://cryptostorm.is/canary.txt # cskeyserver=pgp.mit.edu
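Review bot: `test_warrant_canary_url_verify` identifies the signing key by the 32-bit short ID `E9C7C942` and lets the script fetch it from a keyserver, so the `Good signature` assertion holds for whichever key carrying that short ID ends up in the keyring; short IDs are not collision-resistant. Pass the full fingerprint instead, `'-k','<FULL_40_HEX_FINGERPRINT>'` (placeholder, to be taken from the key owner's published fingerprint), assuming `-k` is handed to gpg unchanged as the `ConfirmGPGKeys` hunk suggests. In `test_warrant_canary_seed` the bare `except: assert False` hides why `canary.asc` could not be read; dropping the `try` and letting `open('canary.asc')` raise fails the test the same way with a usable traceback. `pytest` and `shutil` are imported but not used in the lines shown.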
@@ -23,11 +21,24 @@ function Usage() { exit $retcode } +## Visual Functions ## +# These function creates a visual indicator that a step has happened. +# Borrowed from https://foundation.aninix.net/AniNIX/Uniglot for portability. +function header () { + tput setaf 1; tput bold; echo $@; tput sgr0; return +} +function errorheader () { + tput setaf 1 1>&2; tput bold 1>&2; echo "ERROR:" $@ 1>&2; tput sgr0 1>&2; return +} +function infoheader() { + tput setaf 3; tput bold; echo $@; tput sgr0; return +} + function ConfirmGPGKeys() { # Try to make sure we either have or can pull the key if ! gpg2 --fingerprint "$key"; then gpg --keyserver "$keyserver" --recv-key "$key" - if ! [ $? -eq 0 ] || gpg2 --fingerprint "$key"; then + if ! gpg2 --fingerprint "$key"; then echo Cannot pull the key: "$key". exit 1; fi
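Review bot: In `ConfirmGPGKeys` the key is fetched with `gpg` but its presence is checked with `gpg2`; on hosts where those are different GnuPG installs that do not share a keyring, the import may be invisible to the check and the function would exit with "Cannot pull the key" after a successful fetch. Using one binary for both calls, `gpg2 --keyserver "$keyserver" --recv-key "$key"`, avoids that. The check also only proves that some key matching `$key` is present, so callers should pass a full fingerprint rather than a short ID. The new `header`, `errorheader` and `infoheader` helpers call `tput` unconditionally and use an unquoted `echo $@`; without a usable `TERM`, `tput` may write to stderr, which the new tests assert is empty, so `echo "$@"` and a `[ -t 1 ]` guard around the `tput` calls seem worth adding. The body of `ConfirmGPGKeys` continues outside the hunk.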