AniNIX/WarrantCanary
AniNIX/WarrantCanary
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Updates to add testing by default; portability fixes

Browse Source
This commit is contained in:
DarkFeather 2019-12-07 11:22:09 -06:00
parent b016ae782b
commit 6d1f6390c3
5 changed files with 97 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
tests/__pycache__/

1
hooks/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
tests/__pycache__

48
hooks/pre-commit Executable file
View File

@ -0,0 +1,48 @@
#!/bin/sh
#
# An example hook script to verify what is about to be committed.
# Called by "git commit" with no arguments. The hook should
# exit with non-zero status after issuing an appropriate message if
# it wants to stop the commit.
#
# To enable this hook, rename this file to "pre-commit".
if git rev-parse --verify HEAD >/dev/null 2>&1
then
against=HEAD
else
# Initial commit: diff against an empty tree object
against=$(git hash-object -t tree /dev/null)
fi
# If you want to allow non-ASCII filenames set this variable to true.
allownonascii=$(git config --bool hooks.allownonascii)
# Redirect output to stderr.
exec 1>&2
# Cross platform projects tend to avoid non-ASCII filenames; prevent
# them from being added to the repository. We exploit the fact that the
# printable range starts at the space character and ends with tilde.
if [ "$allownonascii" != "true" ] &&
# Note that the use of brackets around a tr range is ok here, (it's
# even required, for portability to Solaris 10's /usr/bin/tr), since
# the square bracket bytes happen to fall in the designated range.
test $(git diff --cached --name-only --diff-filter=A -z $against |
LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
then
cat <<\EOF
Error: Attempt to add a non-ASCII file name.
This can cause problems if you want to work with people on other platforms.
To be portable it is advisable to rename the file.
If you know what you are doing you can disable this check using:
git config hooks.allownonascii true
EOF
exit 1
fi
exec python3 -m pytest

33
tests/test_warrant_canary.py Normal file
View File

@ -0,0 +1,33 @@
import pytest
import shutil
import subprocess
def test_warrant_canary_usage():
### Ensure that the script provides output.
procState=subprocess.run(['./warrant_canary','-h'],capture_output=True,timeout=3)
assert procState.returncode == 0 and procState.stderr == b''
def test_warrant_canary_seed():
### Test that we can seed a warrant canary file
# procState=subprocess.run(['./warrant_canary','-s'],capture_output=True,timeout=3)
try:
with open('canary.asc') as fh:
# assert procState.returncode == 0 and procState.stderr == b'' and 'BEGIN PGP SIGNATURE' in fh.read() and b'Success' in procState.stderr
assert 'BEGIN PGP SIGNATURE' in fh.read()
except:
assert False
def test_warrant_canary_basic_verify():
### Test that we can verify with no arguments
procState=subprocess.run(['./warrant_canary','-V'],capture_output=True,timeout=3)
assert procState.returncode == 0 and procState.stderr == b'' and b'Good signature' in procState.stdout
def test_warrant_canary_file_verify():
### Test that we can verify with a file
procState=subprocess.run(['./warrant_canary','-c','./canary.asc','-V'],capture_output=True,timeout=3)
assert procState.returncode == 0 and procState.stderr == b'' and b'Good signature' in procState.stdout
def test_warrant_canary_url_verify():
### Test that we can verify with a web address
procState=subprocess.run(['./warrant_canary','-c','https://cryptostorm.is/canary.txt','-k','E9C7C942','-K','pgp.mit.edu','-V'],capture_output=True,timeout=30)
assert procState.returncode == 0 and procState.stderr == b'' and b'Good signature' in procState.stdout

17
warrant_canary
View File

@ -1,7 +1,5 @@
#!/bin/bash #!/bin/bash
source /opt/aninix/Uniglot/Bash/header
unset canaryText unset canaryText
# cscanary=https://cryptostorm.is/canary.txt # cscanary=https://cryptostorm.is/canary.txt
# cskeyserver=pgp.mit.edu # cskeyserver=pgp.mit.edu
@ -23,11 +21,24 @@ function Usage() {
exit $retcode exit $retcode
} }
## Visual Functions ##
# These function creates a visual indicator that a step has happened.
# Borrowed from https://foundation.aninix.net/AniNIX/Uniglot for portability.
function header () {
tput setaf 1; tput bold; echo $@; tput sgr0; return
}
function errorheader () {
tput setaf 1 1>&2; tput bold 1>&2; echo "ERROR:" $@ 1>&2; tput sgr0 1>&2; return
}
function infoheader() {
tput setaf 3; tput bold; echo $@; tput sgr0; return
}
function ConfirmGPGKeys() { function ConfirmGPGKeys() {
# Try to make sure we either have or can pull the key # Try to make sure we either have or can pull the key
if ! gpg2 --fingerprint "$key"; then if ! gpg2 --fingerprint "$key"; then
gpg --keyserver "$keyserver" --recv-key "$key" gpg --keyserver "$keyserver" --recv-key "$key"
if ! [ $? -eq 0 ] || gpg2 --fingerprint "$key"; then if ! gpg2 --fingerprint "$key"; then
echo Cannot pull the key: "$key". echo Cannot pull the key: "$key".
exit 1; exit 1;
fi fi