forked from freedomofpress/securedrop
-
Notifications
You must be signed in to change notification settings - Fork 0
/
unit_tests.py
executable file
·598 lines (502 loc) · 22.3 KB
/
unit_tests.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import shutil
import tempfile
import unittest
import re
from cStringIO import StringIO
import zipfile
from time import sleep
import uuid
from mock import patch, ANY
import gnupg
from flask import session, g, escape
from flask_wtf import CsrfProtect
from bs4 import BeautifulSoup
# Set environment variable so config.py uses a test environment
os.environ['SECUREDROP_ENV'] = 'test'
import config
import crypto_util
import store
import source
import journalist
import test_setup
def _block_on_reply_keypair_gen(codename):
sid = crypto_util.hash_codename(codename)
while not crypto_util.getkey(sid):
sleep(0.1)
def _logout(test_client):
# See http://flask.pocoo.org/docs/testing/#accessing-and-modifying-sessions
# This is necessary because SecureDrop doesn't have a logout button, so a
# user is logged in until they close the browser, which clears the session.
# For testing, this function simulates closing the browser at places
# where a source is likely to do so (for instance, between submitting a
# document and checking for a journalist reply).
with test_client.session_transaction() as sess:
sess.clear()
def shared_setup():
"""Set up the file system, GPG, and database"""
test_setup.create_directories()
test_setup.init_gpg()
test_setup.init_db()
# Do tests that should always run on app startup
crypto_util.do_runtime_tests()
def shared_teardown():
test_setup.clean_root()
class TestSource(unittest.TestCase):
def setUp(self):
shared_setup()
self.app = source.app
self.client = self.app.test_client()
def tearDown(self):
shared_teardown()
def test_index(self):
"""Test that the landing page loads and looks how we expect"""
response = self.client.get('/')
self.assertEqual(response.status_code, 200)
self.assertIn("Submit documents for the first time", response.data)
self.assertIn("Already submitted something?", response.data)
def _find_codename(self, html):
"""Find a source codename (diceware passphrase) in HTML"""
# Codenames may contain HTML escape characters, and the wordlist
# contains various symbols.
codename_re = r'<p id="code-name" class="code-name">(?P<codename>[a-z0-9 &#;?:=@_.*+()\'"$%!-]+)</p>'
codename_match = re.search(codename_re, html)
self.assertIsNotNone(codename_match)
return codename_match.group('codename')
def test_generate(self):
with self.client as c:
rv = c.get('/generate')
self.assertEqual(rv.status_code, 200)
session_codename = session['codename']
self.assertIn("Submitting for the first time", rv.data)
self.assertIn(
"To protect your identity, we're assigning you a unique code name.", rv.data)
codename = self._find_codename(rv.data)
# default codename length is 8 words
self.assertEqual(len(codename.split()), 8)
# codename is also stored in the session - make sure it matches the
# codename displayed to the source
self.assertEqual(codename, escape(session_codename))
def test_regenerate_valid_lengths(self):
"""Make sure we can regenerate all valid length codenames"""
for codename_len in xrange(7, 11):
response = self.client.post('/generate', data={
'number-words': str(codename_len),
})
self.assertEqual(response.status_code, 200)
codename = self._find_codename(response.data)
self.assertEquals(len(codename.split()), codename_len)
def test_regenerate_invalid_lengths(self):
"""If the codename length is invalid, it should return 403 Forbidden"""
for codename_len in (2, 999):
response = self.client.post('/generate', data={
'number-words': str(codename_len),
})
self.assertEqual(response.status_code, 403)
def test_create(self):
with self.client as c:
rv = c.get('/generate')
codename = session['codename']
rv = c.post('/create', follow_redirects=True)
self.assertTrue(session['logged_in'])
# should be redirected to /lookup
self.assertIn("Submit a document, message, or both", rv.data)
def _new_codename(self):
"""Helper function to go through the "generate codename" flow"""
with self.client as c:
rv = c.get('/generate')
codename = session['codename']
rv = c.post('/create')
return codename
def test_lookup(self):
"""Test various elements on the /lookup page"""
codename = self._new_codename()
rv = self.client.post('login', data=dict(codename=codename),
follow_redirects=True)
# redirects to /lookup
self.assertIn("Download journalist's public key", rv.data)
# download the public key
rv = self.client.get('journalist-key')
self.assertIn("BEGIN PGP PUBLIC KEY BLOCK", rv.data)
def test_login_and_logout(self):
rv = self.client.get('/login')
self.assertEqual(rv.status_code, 200)
self.assertIn("Already submitted something?", rv.data)
codename = self._new_codename()
with self.client as c:
rv = c.post('/login', data=dict(codename=codename),
follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn("Submit a document, message, or both", rv.data)
self.assertTrue(session['logged_in'])
_logout(c)
with self.client as c:
rv = self.client.post('/login', data=dict(codename='invalid'),
follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn('Sorry, that is not a recognized codename.', rv.data)
self.assertNotIn('logged_in', session)
def test_submit_message(self):
self._new_codename()
rv = self.client.post('/submit', data=dict(
msg="This is a test.",
fh=(StringIO(''), ''),
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn("Thanks! We received your message.", rv.data)
def test_submit_file(self):
self._new_codename()
rv = self.client.post('/submit', data=dict(
msg="",
fh=(StringIO('This is a test'), 'test.txt'),
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn(escape("Thanks! We received your document 'test.txt'."),
rv.data)
def test_submit_both(self):
self._new_codename()
rv = self.client.post('/submit', data=dict(
msg="This is a test",
fh=(StringIO('This is a test'), 'test.txt'),
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn("Thanks! We received your message.", rv.data)
self.assertIn(escape("Thanks! We received your document 'test.txt'."),
rv.data)
@patch('zipfile.ZipFile.writestr')
def test_submit_sanitizes_filename(self, zipfile_write):
"""Test that upload file name is sanitized"""
insecure_filename = '../../bin/gpg'
sanitized_filename = 'bin_gpg'
self._new_codename()
self.client.post('/submit', data=dict(
msg="",
fh=(StringIO('This is a test'), insecure_filename),
), follow_redirects=True)
zipfile_write.assert_called_with(sanitized_filename, ANY)
def test_tor2web_warning(self):
rv = self.client.get('/', headers=[('X-tor2web', 'encrypted')])
self.assertEqual(rv.status_code, 200)
self.assertIn("You appear to be using Tor2Web.", rv.data)
class TestJournalist(unittest.TestCase):
def setUp(self):
shared_setup()
self.app = journalist.app
self.client = self.app.test_client()
def tearDown(self):
shared_teardown()
def test_index(self):
rv = self.client.get('/')
self.assertEqual(rv.status_code, 200)
self.assertIn("Latest submissions", rv.data)
self.assertIn("No documents have been submitted!", rv.data)
def test_bulk_download(self):
sid = 'EQZGCJBRGISGOTC2NZVWG6LILJBHEV3CINNEWSCLLFTUWZJPKJFECLS2NZ4G4U3QOZCFKTTPNZMVIWDCJBBHMUDBGFHXCQ3R'
files = ['abc1_msg.gpg', 'abc2_msg.gpg']
filenames = test_setup.setup_test_docs(sid, files)
rv = self.client.post('/bulk', data=dict(
action='download',
sid=sid,
doc_names_selected=files
))
self.assertEqual(rv.status_code, 200)
self.assertEqual(rv.content_type, 'application/zip')
self.assertTrue(zipfile.is_zipfile(StringIO(rv.data)))
class TestIntegration(unittest.TestCase):
def setUp(self):
shared_setup()
self.source_app = source.app.test_client()
self.journalist_app = journalist.app.test_client()
self.gpg = gnupg.GPG(homedir=config.GPG_KEY_DIR)
def tearDown(self):
shared_teardown()
def test_submit_message(self):
"""When a source creates an account, test that a new entry appears in the journalist interface"""
test_msg = "This is a test message."
with self.source_app as source_app:
rv = source_app.get('/generate')
rv = source_app.post('/create', follow_redirects=True)
codename = session['codename']
sid = g.sid
# redirected to submission form
rv = self.source_app.post('/submit', data=dict(
msg=test_msg,
fh=(StringIO(''), ''),
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
_logout(source_app)
rv = self.journalist_app.get('/')
self.assertEqual(rv.status_code, 200)
self.assertIn("Latest submissions", rv.data)
soup = BeautifulSoup(rv.data)
col_url = soup.select('ul#cols > li a')[0]['href']
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
submission_url = soup.select('ul#submissions li a')[0]['href']
self.assertIn("_msg", submission_url)
li = soup.select('ul#submissions li')[0]
self.assertRegexpMatches(li.contents[-1], "\d+ bytes")
rv = self.journalist_app.get(submission_url)
self.assertEqual(rv.status_code, 200)
decrypted_data = self.gpg.decrypt(rv.data)
self.assertTrue(decrypted_data.ok)
self.assertEqual(decrypted_data.data, test_msg)
# delete submission
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
doc_name = soup.select(
'ul > li > input[name="doc_names_selected"]')[0]['value']
rv = self.journalist_app.post('/bulk', data=dict(
action='delete',
sid=sid,
doc_names_selected=doc_name
))
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
self.assertIn("The following file has been selected for", rv.data)
# confirm delete submission
doc_name = soup.select
doc_name = soup.select(
'ul > li > input[name="doc_names_selected"]')[0]['value']
rv = self.journalist_app.post('/bulk', data=dict(
action='delete',
sid=sid,
doc_names_selected=doc_name,
confirm_delete="1"
))
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
self.assertIn("File permanently deleted.", rv.data)
# confirm that submission deleted and absent in list of submissions
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
self.assertIn("No documents to display.", rv.data)
def test_submit_file(self):
"""When a source creates an account, test that a new entry appears in the journalist interface"""
test_file_contents = "This is a test file."
test_filename = "test.txt"
with self.source_app as source_app:
rv = source_app.get('/generate')
rv = source_app.post('/create', follow_redirects=True)
codename = session['codename']
sid = g.sid
# redirected to submission form
rv = self.source_app.post('/submit', data=dict(
msg="",
fh=(StringIO(test_file_contents), test_filename),
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
_logout(source_app)
rv = self.journalist_app.get('/')
self.assertEqual(rv.status_code, 200)
self.assertIn("Latest submissions", rv.data)
soup = BeautifulSoup(rv.data)
col_url = soup.select('ul#cols > li a')[0]['href']
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
submission_url = soup.select('ul#submissions li a')[0]['href']
self.assertIn("_doc", submission_url)
li = soup.select('ul#submissions li')[0]
self.assertRegexpMatches(li.contents[-1], "\d+ bytes")
rv = self.journalist_app.get(submission_url)
self.assertEqual(rv.status_code, 200)
decrypted_data = self.gpg.decrypt(rv.data)
self.assertTrue(decrypted_data.ok)
s = StringIO(decrypted_data.data)
zip_file = zipfile.ZipFile(s, 'r')
unzipped_decrypted_data = zip_file.read('test.txt')
zip_file.close()
self.assertEqual(unzipped_decrypted_data, test_file_contents)
# delete submission
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
doc_name = soup.select(
'ul > li > input[name="doc_names_selected"]')[0]['value']
rv = self.journalist_app.post('/bulk', data=dict(
action='delete',
sid=sid,
doc_names_selected=doc_name
))
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
self.assertIn("The following file has been selected for", rv.data)
# confirm delete submission
doc_name = soup.select
doc_name = soup.select(
'ul > li > input[name="doc_names_selected"]')[0]['value']
rv = self.journalist_app.post('/bulk', data=dict(
action='delete',
sid=sid,
doc_names_selected=doc_name,
confirm_delete="1"
))
self.assertEqual(rv.status_code, 200)
soup = BeautifulSoup(rv.data)
self.assertIn("File permanently deleted.", rv.data)
# confirm that submission deleted and absent in list of submissions
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
self.assertIn("No documents to display.", rv.data)
def test_reply_normal(self):
self.helper_test_reply("This is a test reply.", True)
def test_reply_unicode(self):
self.helper_test_reply("Teşekkürler", True)
def helper_test_reply(self, test_reply, expected_success=True):
test_msg = "This is a test message."
with self.source_app as source_app:
rv = source_app.get('/generate')
rv = source_app.post('/create', follow_redirects=True)
codename = session['codename']
flagged = session['flagged']
sid = g.sid
# redirected to submission form
rv = source_app.post('/submit', data=dict(
msg=test_msg,
fh=(StringIO(''), ''),
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertFalse(flagged)
_logout(source_app)
rv = self.journalist_app.get('/')
self.assertEqual(rv.status_code, 200)
self.assertIn("Latest submissions", rv.data)
soup = BeautifulSoup(rv.data)
col_url = soup.select('ul#cols > li a')[0]['href']
rv = self.journalist_app.get(col_url)
self.assertEqual(rv.status_code, 200)
with self.source_app as source_app:
rv = source_app.post('/login', data=dict(
codename=codename), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertFalse(session['flagged'])
_logout(source_app)
with self.journalist_app as journalist_app:
rv = journalist_app.post('/flag', data=dict(
sid=sid))
self.assertEqual(rv.status_code, 200)
_logout(journalist_app)
with self.source_app as source_app:
rv = source_app.post('/login', data=dict(
codename=codename), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertTrue(session['flagged'])
source_app.get('/lookup')
self.assertTrue(g.flagged)
_logout(source_app)
# Block until the reply keypair has been generated, so we can test
# sending a reply
_block_on_reply_keypair_gen(codename)
rv = self.journalist_app.post('/reply', data=dict(
sid=sid,
msg=test_reply
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
if not expected_success:
pass
else:
self.assertIn("Thanks! Your reply has been stored.", rv.data)
with self.journalist_app as journalist_app:
rv = journalist_app.get(col_url)
self.assertIn("reply-", rv.data)
_logout(journalist_app)
_block_on_reply_keypair_gen(codename)
with self.source_app as source_app:
rv = source_app.post('/login', data=dict(codename=codename), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
rv = source_app.get('/lookup')
self.assertEqual(rv.status_code, 200)
if not expected_success:
# there should be no reply
self.assertTrue("You have received a reply." not in rv.data)
else:
self.assertIn(
"You have received a reply. For your security, please delete all replies when you're done with them.", rv.data)
self.assertIn(test_reply, rv.data)
soup = BeautifulSoup(rv.data)
msgid = soup.select('form.message > input[name="msgid"]')[0]['value']
rv = source_app.post('/delete', data=dict(
sid=sid,
msgid=msgid,
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn("Reply deleted", rv.data)
_logout(source_app)
def test_delete_collection(self):
"""Test the "delete collection" button on each collection page"""
# first, add a source
self.source_app.get('/generate')
self.source_app.post('/create')
rv = self.journalist_app.get('/')
# navigate to the collection page
soup = BeautifulSoup(rv.data)
first_col_url = soup.select('ul#cols > li a')[0]['href']
rv = self.journalist_app.get(first_col_url)
self.assertEqual(rv.status_code, 200)
# find the delete form and extract the post parameters
soup = BeautifulSoup(rv.data)
delete_form_inputs = soup.select('form#delete_collection')[0]('input')
sid = delete_form_inputs[1]['value']
col_name = delete_form_inputs[2]['value']
# POST to /col/delete
rv = self.journalist_app.post('/col/delete', data=dict(
sid=sid,
col_name=col_name
), follow_redirects=True)
self.assertEquals(rv.status_code, 200)
# /col/delete redirects to the index
self.assertIn(escape("%s's collection deleted" % (col_name,)), rv.data)
self.assertIn("No documents have been submitted!", rv.data)
def test_delete_collections(self):
"""Test the "delete selected" checkboxes on the index page that can be
used to delete multiple collections"""
# first, add some sources
num_sources = 2
for i in range(num_sources):
self.source_app.get('/generate')
self.source_app.post('/create')
rv = self.journalist_app.get('/')
# get all the checkbox values
soup = BeautifulSoup(rv.data)
checkbox_values = [ checkbox['value'] for checkbox in
soup.select('input[name="cols_selected"]') ]
rv = self.journalist_app.post('/col/delete', data=dict(
cols_selected=checkbox_values
), follow_redirects=True)
self.assertEqual(rv.status_code, 200)
self.assertIn("%s collections deleted" % (num_sources,), rv.data)
# TODO: functional tests (selenium)
# This code just tests the underlying API and *does not* test the
# interactions due to the Javascript in journalist.js. Once we have
# functional tests, we should add tests for:
# 1. Warning dialog appearance
# 2. "Don't show again" checkbox behavior
# 2. Correct behavior on "yes" and "no" buttons
class TestStore(unittest.TestCase):
'''The set of tests for store.py.'''
def setUp(self):
shared_setup()
def tearDown(self):
shared_teardown()
def test_verify(self):
with self.assertRaises(store.PathException):
store.verify(os.path.join(config.STORE_DIR, '..', 'etc', 'passwd'))
with self.assertRaises(store.PathException):
store.verify(config.STORE_DIR + "_backup")
def test_get_zip(self):
sid = 'EQZGCJBRGISGOTC2NZVWG6LILJBHEV3CINNEWSCLLFTUWZJPKJFECLS2NZ4G4U3QOZCFKTTPNZMVIWDCJBBHMUDBGFHXCQ3R'
files = ['abc1_msg.gpg', 'abc2_msg.gpg']
filenames = test_setup.setup_test_docs(sid, files)
archive = zipfile.ZipFile(store.get_bulk_archive(filenames))
archivefile_contents = archive.namelist()
for archived_file, actual_file in zip(archivefile_contents, filenames):
actual_file_content = open(actual_file).read()
zipped_file_content = archive.read(archived_file)
self.assertEquals(zipped_file_content, actual_file_content)
if __name__ == "__main__":
unittest.main(verbosity=2)