Skip to content

Commit

Permalink
Check 'role' field in 'sign_metadata' payload
Browse files Browse the repository at this point in the history
'sign_metadata' only supports root, thus the role in the payload is
not relevant, and was ignored previously.

For consistency, this commit adds a check that the role is indeed
root and fails otherwise.

This is also tested by adding another column to the test table of
test_sign_metadata__update, used to patch the default payload in test
runs.

Signed-off-by: Lukas Puehringer <[email protected]>
  • Loading branch information
lukpueh committed Oct 4, 2023
1 parent bbd8b22 commit 0c8c26f
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 2 deletions.
6 changes: 6 additions & 0 deletions repository_service_tuf_worker/repository.py
Original file line number Diff line number Diff line change
Expand Up @@ -1362,6 +1362,12 @@ def _result(status, error=None, bootstrap=None, update=None):
return self._task_result(TaskName.SIGN_METADATA, status, details)

signature = Signature.from_dict(payload["signature"])
rolename = payload["role"]

# Assert requested metadata type is root
if rolename != Root.type:
msg = f"Expected '{Root.type}', got '{rolename}'"
return _result(False, error=msg)

# Assert pending signing event exists
metadata_dict = self._settings.get_fresh("ROOT_SIGNING")
Expand Down
21 changes: 19 additions & 2 deletions tests/unit/tuf_repository_service_worker/test_repository.py
Original file line number Diff line number Diff line change
Expand Up @@ -3272,14 +3272,25 @@ def fake_get_fresh(key):
]

@pytest.mark.parametrize(
"validation_results, details, status",
"payload_patch, validation_results, details, status",
[
(
{"role": "foo"},
{},
{
"message": "Signature Failed",
"error": "Expected 'root', got 'foo'",
},
False,
),
(
{},
{"signature": iter((False, False))},
{"message": "Signature Failed", "error": "Invalid signature"},
False,
),
(
{},
{
"signature": iter((True, False)),
"threshold": iter((False, False)),
Expand All @@ -3291,6 +3302,7 @@ def fake_get_fresh(key):
True,
),
(
{},
{
"signature": iter((False, True)),
"threshold": iter((False, True)),
Expand All @@ -3302,6 +3314,7 @@ def fake_get_fresh(key):
True,
),
(
{},
{
"signature": iter((True, False)),
"threshold": iter((True, False)),
Expand All @@ -3313,6 +3326,7 @@ def fake_get_fresh(key):
True,
),
(
{},
{
"signature": iter((True, True)),
"threshold": iter((True, True)),
Expand All @@ -3330,6 +3344,7 @@ def test_sign_metadata__update(
test_repo,
monkeypatch,
mocked_datetime,
payload_patch,
validation_results,
details,
status,
Expand Down Expand Up @@ -3390,7 +3405,9 @@ def fake_get_fresh(key):

# Call sign_metadata with fake payload
# All deserialization and validation is mocked
result = test_repo.sign_metadata({"signature": "fake"})
payload = {"signature": "fake", "role": "root"}
payload.update(payload_patch)
result = test_repo.sign_metadata(payload)

assert result == {
"task": "sign_metadata",
Expand Down

0 comments on commit 0c8c26f

Please sign in to comment.