From b8ddc49eded4d6522cd30b99b773bab56d0f9fc3 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Tue, 17 Aug 2021 15:16:09 +0200 Subject: tests/cli/TestBadname: make sure case 5 is never decodable Sometimes, by chance, case 5 resulted in valid decrypted data: --- FAIL: TestBadname (0.08s) cli_test.go:885: Case 5 failed: "J7Rbo1BvfXojpBEr0Qrt_invalid_file GOCRYPTFS_BAD_NAME" in ["file GOCRYPTFS_BAD_NAME,\x9e$O\xc3j\x8c\xd0\x06\x01#\f%k\x02\xcanvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file,file_invalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME"] Add percent signs so base64 decoding always fails. Fixes https://github.com/rfjakob/gocryptfs/runs/3347883728 --- tests/cli/cli_test.go | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'tests/cli') diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go index 8728622..85a8006 100644 --- a/tests/cli/cli_test.go +++ b/tests/cli/cli_test.go @@ -698,19 +698,19 @@ func TestSymlinkedCipherdir(t *testing.T) { } // TestBadname tests the `-badname` option +// +// Supported structure of badname: +// "Visible" shows the success of function DecryptName (cipher -> plain) +// "Access" shows the success of function EncryptAndHashBadName (plain -> cipher) +// Case Visible Access Description +// Case 1 x x Access file without BadName suffix (default mode) +// Case 2 x x Access file with BadName suffix which has a valid cipher file (will only be possible if file was created without badname option) +// Case 3 Access file with valid ciphername + BadName suffix (impossible since this would not be produced by DecryptName) +// Case 4 x x Access file with decryptable part of name and Badname suffix (default badname case) +// Case 5 x x Access file with undecryptable name and BadName suffix (e. g. when part of the cipher name was cut) +// Case 6 x Access file with multiple possible matches. +// Case 7 Access file with BadName suffix and non-matching pattern func TestBadname(t *testing.T) { - //Supported structure of badname: - //"Visible" shows the success of function DecryptName (cipher -> plain) - //"Access" shows the success of function EncryptAndHashBadName (plain -> cipher) - //Case Visible Access Description - //Case 1 x x Access file without BadName suffix (default mode) - //Case 2 x x Access file with BadName suffix which has a valid cipher file (will only be possible if file was created without badname option) - //Case 3 Access file with valid ciphername + BadName suffix (impossible since this would not be produced by DecryptName) - //Case 4 x x Access file with decryptable part of name and Badname suffix (default badname case) - //Case 5 x x Access file with undecryptable name and BadName suffix (e. g. when part of the cipher name was cut) - //Case 6 x Access file with multiple possible matches. - //Case 7 Access file with BadName suffix and non-matching pattern - dir := test_helpers.InitFS(t) mnt := dir + ".mnt" validFileName := "file" @@ -721,7 +721,7 @@ func TestBadname(t *testing.T) { file := mnt + "/" + validFileName // Case 1: write one valid filename (empty content) - err := ioutil.WriteFile(file, []byte("Content Case 1."), 0600) + err := ioutil.WriteFile(file, nil, 0600) if err != nil { t.Fatal(err) } @@ -783,8 +783,8 @@ func TestBadname(t *testing.T) { if err != nil { t.Fatal(err) } - //Case 5: write invalid file which is not decodable (cropping the encrpyted file name) - err = ioutil.WriteFile(dir+"/"+encryptedfilename[:len(encryptedfilename)-2]+invalidSuffix, contentCipher[4], 0600) + //Case 5: write invalid file which is not decodable (replace last 2 bytes with percent sign) + err = ioutil.WriteFile(dir+"/"+encryptedfilename[:len(encryptedfilename)-2]+"%%"+invalidSuffix, contentCipher[4], 0600) if err != nil { t.Fatal(err) } @@ -822,7 +822,7 @@ func TestBadname(t *testing.T) { validFileName + nametransform.BadnameSuffix, "", validFileName + invalidSuffix + nametransform.BadnameSuffix, - encryptedfilename[:len(encryptedfilename)-2] + invalidSuffix + nametransform.BadnameSuffix, + encryptedfilename[:len(encryptedfilename)-2] + "%%" + invalidSuffix + nametransform.BadnameSuffix, "", validFileName + "wrongPattern" + nametransform.BadnameSuffix} results := []bool{false, false, true, false, false, true, true} -- cgit v1.2.3