gitee.com/liu-zhao234568/cntest@v1.0.0/cmd/geth/version_check_test.go (about)

     1  // Copyright 2020 The go-ethereum Authors
     2  // This file is part of go-ethereum.
     3  //
     4  // go-ethereum is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // go-ethereum is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU General Public License
    15  // along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  package main
    18  
    19  import (
    20  	"encoding/json"
    21  	"fmt"
    22  	"io/ioutil"
    23  	"path/filepath"
    24  	"regexp"
    25  	"strconv"
    26  	"strings"
    27  	"testing"
    28  )
    29  
    30  func TestVerification(t *testing.T) {
    31  	// Signatures generated with `minisign`
    32  	t.Run("minisig", func(t *testing.T) {
    33  		// For this test, the pubkey is in testdata/minisign.pub
    34  		// (the privkey is `minisign.sec`, if we want to expand this test. Password 'test' )
    35  		pub := "RWQkliYstQBOKOdtClfgC3IypIPX6TAmoEi7beZ4gyR3wsaezvqOMWsp"
    36  		testVerification(t, pub, "./testdata/vcheck/minisig-sigs/")
    37  	})
    38  	// Signatures generated with `signify-openbsd`
    39  	t.Run("signify-openbsd", func(t *testing.T) {
    40  		t.Skip("This currently fails, minisign expects 4 lines of data, signify provides only 2")
    41  		// For this test, the pubkey is in testdata/signifykey.pub
    42  		// (the privkey is `signifykey.sec`, if we want to expand this test. Password 'test' )
    43  		pub := "RWSKLNhZb0KdATtRT7mZC/bybI3t3+Hv/O2i3ye04Dq9fnT9slpZ1a2/"
    44  		testVerification(t, pub, "./testdata/vcheck/signify-sigs/")
    45  	})
    46  }
    47  
    48  func testVerification(t *testing.T, pubkey, sigdir string) {
    49  	// Data to verify
    50  	data, err := ioutil.ReadFile("./testdata/vcheck/data.json")
    51  	if err != nil {
    52  		t.Fatal(err)
    53  	}
    54  	// Signatures, with and without comments, both trusted and untrusted
    55  	files, err := ioutil.ReadDir(sigdir)
    56  	if err != nil {
    57  		t.Fatal(err)
    58  	}
    59  	for _, f := range files {
    60  		sig, err := ioutil.ReadFile(filepath.Join(sigdir, f.Name()))
    61  		if err != nil {
    62  			t.Fatal(err)
    63  		}
    64  		err = verifySignature([]string{pubkey}, data, sig)
    65  		if err != nil {
    66  			t.Fatal(err)
    67  		}
    68  	}
    69  }
    70  
    71  func versionUint(v string) int {
    72  	mustInt := func(s string) int {
    73  		a, err := strconv.Atoi(s)
    74  		if err != nil {
    75  			panic(v)
    76  		}
    77  		return a
    78  	}
    79  	components := strings.Split(strings.TrimPrefix(v, "v"), ".")
    80  	a := mustInt(components[0])
    81  	b := mustInt(components[1])
    82  	c := mustInt(components[2])
    83  	return a*100*100 + b*100 + c
    84  }
    85  
    86  // TestMatching can be used to check that the regexps are correct
    87  func TestMatching(t *testing.T) {
    88  	data, _ := ioutil.ReadFile("./testdata/vcheck/vulnerabilities.json")
    89  	var vulns []vulnJson
    90  	if err := json.Unmarshal(data, &vulns); err != nil {
    91  		t.Fatal(err)
    92  	}
    93  	check := func(version string) {
    94  		vFull := fmt.Sprintf("Geth/%v-unstable-15339cf1-20201204/linux-amd64/go1.15.4", version)
    95  		for _, vuln := range vulns {
    96  			r, err := regexp.Compile(vuln.Check)
    97  			vulnIntro := versionUint(vuln.Introduced)
    98  			vulnFixed := versionUint(vuln.Fixed)
    99  			current := versionUint(version)
   100  			if err != nil {
   101  				t.Fatal(err)
   102  			}
   103  			if vuln.Name == "Denial of service due to Go CVE-2020-28362" {
   104  				// this one is not tied to geth-versions
   105  				continue
   106  			}
   107  			if vulnIntro <= current && vulnFixed > current {
   108  				// Should be vulnerable
   109  				if !r.MatchString(vFull) {
   110  					t.Errorf("Should be vulnerable, version %v, intro: %v, fixed: %v %v %v",
   111  						version, vuln.Introduced, vuln.Fixed, vuln.Name, vuln.Check)
   112  				}
   113  			} else {
   114  				if r.MatchString(vFull) {
   115  					t.Errorf("Should not be flagged vulnerable, version %v, intro: %v, fixed: %v %v %d %d %d",
   116  						version, vuln.Introduced, vuln.Fixed, vuln.Name, vulnIntro, current, vulnFixed)
   117  				}
   118  			}
   119  
   120  		}
   121  	}
   122  	for major := 1; major < 2; major++ {
   123  		for minor := 0; minor < 30; minor++ {
   124  			for patch := 0; patch < 30; patch++ {
   125  				vShort := fmt.Sprintf("v%d.%d.%d", major, minor, patch)
   126  				check(vShort)
   127  			}
   128  		}
   129  	}
   130  }