|
| 1 | +#!/bin/bash |
| 2 | +# |
| 3 | +# Copyright (C) 2021 Matthew Leeds <mwleeds@protonmail.com> |
| 4 | +# |
| 5 | +# SPDX-License-Identifier: LGPL-2.0-or-later |
| 6 | + |
| 7 | +set -euo pipefail |
| 8 | + |
| 9 | +. $(dirname $0)/libtest.sh |
| 10 | + |
| 11 | +echo "1..7" |
| 12 | + |
| 13 | +setup_repo |
| 14 | + |
| 15 | +COUNTER=1 |
| 16 | + |
| 17 | +create_app () { |
| 18 | + local OPTIONS="$1" |
| 19 | + local DIR=`mktemp -d` |
| 20 | + |
| 21 | + mkdir ${DIR}/files |
| 22 | + echo $COUNTER > ${DIR}/files/counter |
| 23 | + let COUNTER=COUNTER+1 |
| 24 | + |
| 25 | + local INVALID="" |
| 26 | + if [[ $OPTIONS =~ "invalid" ]]; then |
| 27 | + INVALID=invalidkeyfileline |
| 28 | + fi |
| 29 | + cat > ${DIR}/metadata <<EOF |
| 30 | +[Application] |
| 31 | +name=org.test.Malicious |
| 32 | +runtime=org.test.Platform/${ARCH}/master |
| 33 | +$INVALID |
| 34 | +
|
| 35 | +[Context] |
| 36 | +EOF |
| 37 | + if [[ $OPTIONS =~ "mismatch" ]]; then |
| 38 | + echo -e "filesystems=host;" >> ${DIR}/metadata |
| 39 | + fi |
| 40 | + if [[ $OPTIONS =~ "hidden" ]]; then |
| 41 | + echo -ne "\0" >> ${DIR}/metadata |
| 42 | + echo -e "\nfilesystems=home;" >> ${DIR}/metadata |
| 43 | + fi |
| 44 | + local XA_METADATA=--add-metadata-string=xa.metadata="$(head -n6 ${DIR}/metadata)"$'\n' |
| 45 | + if [[ $OPTIONS =~ "no-xametadata" ]]; then |
| 46 | + XA_METADATA="--add-metadata-string=xa.nometadata=1" |
| 47 | + fi |
| 48 | + ostree commit --repo=repos/test --branch=app/org.test.Malicious/${ARCH}/master ${FL_GPGARGS} "$XA_METADATA" ${DIR}/ |
| 49 | + if [[ $OPTIONS =~ "no-cache-in-summary" ]]; then |
| 50 | + ostree --repo=repos/test ${FL_GPGARGS} summary -u |
| 51 | + # force use of legacy summary format |
| 52 | + rm -rf repos/test/summary.idx repos/test/summaries |
| 53 | + else |
| 54 | + update_repo |
| 55 | + fi |
| 56 | + rm -rf ${DIR} |
| 57 | +} |
| 58 | + |
| 59 | +cleanup_repo () { |
| 60 | + ostree refs --repo=repos/test --delete app/org.test.Malicious/${ARCH}/master |
| 61 | + update_repo |
| 62 | +} |
| 63 | + |
| 64 | +create_app "hidden" |
| 65 | + |
| 66 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 67 | + assert_not_reached "Should not be able to install app with hidden permissions" |
| 68 | +fi |
| 69 | + |
| 70 | +assert_file_has_content install-error-log "not matching expected metadata" |
| 71 | + |
| 72 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 73 | + |
| 74 | +cleanup_repo |
| 75 | + |
| 76 | +ok "app with hidden permissions can't be installed (CVE-2021-43860)" |
| 77 | + |
| 78 | +create_app no-xametadata |
| 79 | + |
| 80 | +# The install will fail because the metadata in the summary doesn't match the metadata on the commit |
| 81 | +# The missing xa.metadata in the commit got turned into "" in the xa.cache |
| 82 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 83 | + assert_not_reached "Should not be able to install app with missing xa.metadata" |
| 84 | +fi |
| 85 | + |
| 86 | +assert_file_has_content install-error-log "not matching expected metadata" |
| 87 | + |
| 88 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 89 | + |
| 90 | +cleanup_repo |
| 91 | + |
| 92 | +ok "app with no xa.metadata can't be installed" |
| 93 | + |
| 94 | +create_app "no-xametadata no-cache-in-summary" |
| 95 | + |
| 96 | +# The install will fail because there's no metadata in the summary or on the commit |
| 97 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 98 | + assert_not_reached "Should not be able to install app with missing metadata" |
| 99 | +fi |
| 100 | +assert_file_has_content install-error-log "No xa.metadata in local commit" |
| 101 | + |
| 102 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 103 | + |
| 104 | +cleanup_repo |
| 105 | + |
| 106 | +ok "app with no xa.metadata and no metadata in summary can't be installed" |
| 107 | + |
| 108 | +create_app "invalid" |
| 109 | + |
| 110 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 111 | + assert_not_reached "Should not be able to install app with invalid metadata" |
| 112 | +fi |
| 113 | +assert_file_has_content install-error-log "Metadata for .* is invalid" |
| 114 | + |
| 115 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 116 | + |
| 117 | +cleanup_repo |
| 118 | + |
| 119 | +ok "app with invalid metadata (in summary) can't be installed" |
| 120 | + |
| 121 | +create_app "invalid no-cache-in-summary" |
| 122 | + |
| 123 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 124 | + assert_not_reached "Should not be able to install app with invalid metadata" |
| 125 | +fi |
| 126 | +assert_file_has_content install-error-log "Metadata for .* is invalid" |
| 127 | + |
| 128 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 129 | + |
| 130 | +cleanup_repo |
| 131 | + |
| 132 | +ok "app with invalid metadata (in commit) can't be installed" |
| 133 | + |
| 134 | +create_app "mismatch no-cache-in-summary" |
| 135 | + |
| 136 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 137 | + assert_not_reached "Should not be able to install app with non-matching metadata" |
| 138 | +fi |
| 139 | +assert_file_has_content install-error-log "Commit metadata for .* not matching expected metadata" |
| 140 | + |
| 141 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 142 | + |
| 143 | +cleanup_repo |
| 144 | + |
| 145 | +ok "app with mismatched metadata (in commit) can't be installed" |
| 146 | + |
| 147 | +create_app "mismatch" |
| 148 | + |
| 149 | +if ${FLATPAK} ${U} install -y test-repo org.test.Malicious 2>install-error-log; then |
| 150 | + assert_not_reached "Should not be able to install app with non-matching metadata" |
| 151 | +fi |
| 152 | +assert_file_has_content install-error-log "Commit metadata for .* not matching expected metadata" |
| 153 | + |
| 154 | +assert_not_has_dir $FL_DIR/app/org.test.Malicious/current/active |
| 155 | + |
| 156 | +cleanup_repo |
| 157 | + |
| 158 | +ok "app with mismatched metadata (in summary) can't be installed" |
0 commit comments