diff options
Diffstat (limited to 'tests/cli')
| -rw-r--r-- | tests/cli/cli_test.go | 161 |
1 files changed, 137 insertions, 24 deletions
diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go index 9248f5d..08c1b83 100644 --- a/tests/cli/cli_test.go +++ b/tests/cli/cli_test.go @@ -16,6 +16,7 @@ import ( "github.com/rfjakob/gocryptfs/internal/configfile" "github.com/rfjakob/gocryptfs/internal/exitcodes" + "github.com/rfjakob/gocryptfs/internal/nametransform" "github.com/rfjakob/gocryptfs/tests/test_helpers" ) @@ -698,18 +699,29 @@ func TestSymlinkedCipherdir(t *testing.T) { // TestBadname tests the `-badname` option func TestBadname(t *testing.T) { + //Supported structure of badname: <ciphername><badname pattern><badname suffix> + //"Visible" shows the success of function DecryptName (cipher -> plain) + //"Access" shows the success of function EncryptAndHashBadName (plain -> cipher) + //Case Visible Access Description + //Case 1 x x Access file without BadName suffix (default mode) + //Case 2 x x Access file with BadName suffix which has a valid cipher file (will only be possible if file was created without badname option) + //Case 3 Access file with valid ciphername + BadName suffix (impossible since this would not be produced by DecryptName) + //Case 4 x x Access file with decryptable part of name and Badname suffix (default badname case) + //Case 5 x x Access file with undecryptable name and BadName suffix (e. g. when part of the cipher name was cut) + //Case 6 x Access file with multiple possible matches. + //Case 7 Access file with BadName suffix and non-matching pattern + dir := test_helpers.InitFS(t) mnt := dir + ".mnt" validFileName := "file" - invalidSuffix := ".invalid_file" - - // use static suffix for testing - test_helpers.MountOrFatal(t, dir, mnt, "-badname=*", "-extpass=echo test") - defer test_helpers.UnmountPanic(mnt) + invalidSuffix := "_invalid_file" + var contentCipher [7][]byte + //first mount without badname (see case 2) + test_helpers.MountOrFatal(t, dir, mnt, "-extpass=echo test", "-wpanic=false") - // write one valid filename (empty content) file := mnt + "/" + validFileName - err := ioutil.WriteFile(file, nil, 0600) + // Case 1: write one valid filename (empty content) + err := ioutil.WriteFile(file, []byte("Content Case 1."), 0600) if err != nil { t.Fatal(err) } @@ -720,7 +732,6 @@ func TestBadname(t *testing.T) { t.Fatal(err) } defer fread.Close() - encryptedfilename := "" ciphernames, err := fread.Readdirnames(0) if err != nil { @@ -733,14 +744,64 @@ func TestBadname(t *testing.T) { break } } + //Generate valid cipherdata for all cases + for i := 0; i < len(contentCipher); i++ { + err := ioutil.WriteFile(file, []byte(fmt.Sprintf("Content Case %d.", i+1)), 0600) + if err != nil { + t.Fatal(err) + } + //save the cipher data for file operations in cipher dir + contentCipher[i], err = ioutil.ReadFile(dir + "/" + encryptedfilename) + if err != nil { + t.Fatal(err) + } + } - // write invalid file which should be decodable - err = ioutil.WriteFile(dir+"/"+encryptedfilename+invalidSuffix, nil, 0600) + //re-write content for case 1 + err = ioutil.WriteFile(file, []byte("Content Case 1."), 0600) if err != nil { t.Fatal(err) } - // write invalid file which is not decodable (cropping the encrpyted file name) - err = ioutil.WriteFile(dir+"/"+encryptedfilename[:len(encryptedfilename)-2]+invalidSuffix, nil, 0600) + + // Case 2: File with invalid suffix in plain name but valid cipher file + file = mnt + "/" + validFileName + nametransform.BadNameFlag + err = ioutil.WriteFile(file, []byte("Content Case 2."), 0600) + if err != nil { + t.Fatal(err) + } + // unmount... + test_helpers.UnmountPanic(mnt) + + // ...and remount with -badname. + test_helpers.MountOrFatal(t, dir, mnt, "-badname=*valid*", "-extpass=echo test", "-wpanic=false") + defer test_helpers.UnmountPanic(mnt) + + // Case 3 is impossible: only BadnameSuffix would mean the cipher name is valid + + // Case 4: write invalid file which should be decodable + err = ioutil.WriteFile(dir+"/"+encryptedfilename+invalidSuffix, contentCipher[3], 0600) + if err != nil { + t.Fatal(err) + } + //Case 5: write invalid file which is not decodable (cropping the encrpyted file name) + err = ioutil.WriteFile(dir+"/"+encryptedfilename[:len(encryptedfilename)-2]+invalidSuffix, contentCipher[4], 0600) + if err != nil { + t.Fatal(err) + } + + // Case 6: Multiple possible matches + // generate two files with invalid cipher names which can both match the badname pattern + err = ioutil.WriteFile(dir+"/mzaZRF9_0IU-_5vv2wPC"+invalidSuffix, contentCipher[5], 0600) + if err != nil { + t.Fatal(err) + } + err = ioutil.WriteFile(dir+"/mzaZRF9_0IU-_5vv2wP"+invalidSuffix, contentCipher[5], 0600) + if err != nil { + t.Fatal(err) + } + + // Case 7: Non-Matching badname pattern + err = ioutil.WriteFile(dir+"/"+encryptedfilename+"wrongPattern", contentCipher[6], 0600) if err != nil { t.Fatal(err) } @@ -755,22 +816,74 @@ func TestBadname(t *testing.T) { if err != nil { t.Fatal(err) } - foundDecodable := false - foundUndecodable := false + + searchstrings := []string{ + validFileName, + validFileName + nametransform.BadNameFlag, + "", + validFileName + invalidSuffix + nametransform.BadNameFlag, + encryptedfilename[:len(encryptedfilename)-2] + invalidSuffix + nametransform.BadNameFlag, + "", + validFileName + "wrongPattern" + nametransform.BadNameFlag} + results := []bool{false, false, true, false, false, true, true} + var filecontent string + var filebytes []byte for _, name := range names { - if strings.Contains(name, validFileName+invalidSuffix+" GOCRYPTFS_BAD_NAME") { - foundDecodable = true - } else if strings.Contains(name, encryptedfilename[:len(encryptedfilename)-2]+invalidSuffix+" GOCRYPTFS_BAD_NAME") { - foundUndecodable = true - } - } + if name == searchstrings[0] { + //Case 1: Test access + filebytes, err = ioutil.ReadFile(mnt + "/" + name) + if err != nil { + t.Fatal(err) + } + filecontent = string(filebytes) + if filecontent == "Content Case 1." { + results[0] = true + } - if !foundDecodable { - t.Errorf("did not find invalid name %s in %v", validFileName+invalidSuffix+" GOCRYPTFS_BAD_NAME", names) + } else if name == searchstrings[1] { + //Case 2: Test Access + filebytes, err = ioutil.ReadFile(mnt + "/" + name) + if err != nil { + t.Fatal(err) + } + filecontent = string(filebytes) + if filecontent == "Content Case 2." { + results[1] = true + } + } else if name == searchstrings[3] { + //Case 4: Test Access + filebytes, err = ioutil.ReadFile(mnt + "/" + name) + if err != nil { + t.Fatal(err) + } + filecontent = string(filebytes) + if filecontent == "Content Case 4." { + results[3] = true + } + } else if name == searchstrings[4] { + //Case 5: Test Access + filebytes, err = ioutil.ReadFile(mnt + "/" + name) + if err != nil { + t.Fatal(err) + } + filecontent = string(filebytes) + if filecontent == "Content Case 5." { + results[4] = true + } + } else if name == searchstrings[6] { + //Case 7 + results[6] = false + } + //Case 3 is always passed + //Case 6 is highly obscure: + //The last part of a valid cipher name must match the badname pattern AND + //the remaining cipher name must still be decryptable. Test case not programmable in a general case } - if !foundUndecodable { - t.Errorf("did not find invalid name %s in %v", encryptedfilename[:len(encryptedfilename)-2]+invalidSuffix+" GOCRYPTFS_BAD_NAME", names) + for i := 0; i < len(results); i++ { + if !results[i] { + t.Errorf("Case %d failed: '%s' in [%s]", i+1, searchstrings[i], strings.Join(names, ",")) + } } } |