TEST+DOC: comments, help msg, test

pyfilesec/__init__.py

@@ -799,10 +799,9 @@ def pad(self, size=DEFAULT_PAD_SIZE):
 
         To make unpadding easier and more robust (and enable human inspection),
         the end bytes provide the number of padding bytes that were added, plus
-        an identifier. 10 digits is not hard-coded as 10, but as the length of
-        ``str(max_file_size)``, where the ``max_file_size`` constant is 8G by
-        default. This means that any changes to the max file size constant can
-        thus cause pad / unpad failures across versions.
+        an identifier. NB: 10 digits is not hard-coded as 10, but as
+        ``len(str(max_file_size))``, where the ``max_file_size`` is 8G.
+        Changes to the max file size could cause pad / unpad failures.
 
         Special ``size`` values:
 
@@ -2438,7 +2437,6 @@ def set_destroy():
                         fatal('Failed to find sdelete.exe. Please install ' +
                             'under C:\\, run it manually to accept the terms.',
                             RuntimeError)
-                # bat_template in constants.py
                 bat = sd_bat_template.replace('XSDELETEX', _abspath(guess))
                 with open(DESTROY_EXE, write_mode) as fd:
                     fd.write(bat)
@@ -2495,7 +2493,7 @@ def set_openssl(path=None):
             logging.warning(msg)
     else:
         # use a bat file to set OPENSSL_CONF; create .bat if not found
-        OPENSSL = op_bat_name  # from constants
+        OPENSSL = op_bat_name
         if not exists(OPENSSL):
             logging.info('no working %s file; will recreate' % op_bat_name)
             bat = op_bat_template.replace(op_expr, op_default)
@@ -2690,10 +2688,10 @@ def _parse_args():
     parser.add_argument('--openssl', help='path of the openssl binary to use')
 
     group = parser.add_mutually_exclusive_group()
-    group.add_argument('--encrypt', action='store_true', help='encrypt with RSA + AES256 (-u [-m][-n][-c][-z][-e][-k])')
-    group.add_argument('--decrypt', action='store_true', help='use private key to decrypt (-v [-d][-r])')
-    group.add_argument('--rotate', action='store_true', help='rotate the encryption (-v -U [-V][-r][-R][-z][-e][-c])')
-    group.add_argument('--sign', action='store_true', help='sign file / make signature (-v [-r][-o])')
+    group.add_argument('--encrypt', action='store_true', help='encrypt with RSA + AES256 (-u [-c][-z][-k])')
+    group.add_argument('--decrypt', action='store_true', help='use private key to decrypt (-v)[-p]')
+    group.add_argument('--rotate', action='store_true', help='rotate the encryption (-u -v [-p][-c])')
+    group.add_argument('--sign', action='store_true', help='sign file / make signature (-v [-p][-o])')
     group.add_argument('--verify', action='store_true', help='verify a signature using public key (-u -s)')
     group.add_argument('--pad', action='store_true', help='obscure file length by padding with bytes ([-z])')
     group.add_argument('--unpad', action='store_true', help='remove padding')
@@ -2707,12 +2705,12 @@ def _parse_args():
     group2.add_argument('--clipboard', action='store_true', help='genrsa: passphrase placed on clipboard (only)', default=False)
     group2.add_argument('--passfile', action='store_true', help='genrsa: save passphrase to file, name matches keys', default=False)
 
-    parser.add_argument('-o', '--out', help='sign: path name for the sig')
-    parser.add_argument('-u', '--pub', help='path to public key (.pem file)')
-    parser.add_argument('-v', '--priv', help='path to private key (.pem file)')
-    parser.add_argument('-p', '--pphr', help='path to file with passphrase')
-    parser.add_argument('-c', '--hmac', help='path to file with hmac key')
-    parser.add_argument('-s', '--sig', help='path to signature file (required input for --verify)')
+    parser.add_argument('-o', '--out', help='sign: output path name for the signature')
+    parser.add_argument('-u', '--pub', help='path to file containing public key (.pem file)')
+    parser.add_argument('-v', '--priv', help='path to file containing private key (.pem file)')
+    parser.add_argument('-p', '--pphr', help='path to file containing a passphrase for private key')
+    parser.add_argument('-c', '--hmac', help='path to file containing a hmac key')
+    parser.add_argument('-s', '--sig', help='path to file containing a signature (required input for --verify)')
     parser.add_argument('-z', '--size', type=int, help='bytes for --pad, min 128, default 16384; unpad 0, -1')
     parser.add_argument('-a', '--autogen', action='store_true', help='non-interactive genrsa', default=False)
     parser.add_argument('-N', '--nodate', action='store_true', help='suppress date (meta-data are clear-text)', default=False)

tests/test_crypto.py

@@ -739,26 +739,32 @@ def test_hmac(self):
 
     @pytest.mark.commandline
     def test_command_line(self):
-        # send encrypt and decrypt commands via command line
+        """test command line usage with lib_path == path to invoke pyfilesec"""
+
+        # minimal test of args via commandline: recover --version via stderr
+        cmdLineCmd = [sys.executable, lib_path, '--version']
+        _, ver = sys_call(cmdLineCmd, stderr=True)
+        # can be coverage warnings in stderr as well, so take first line:
+        assert ver.splitlines()[0] == pyfilesec.__version__
 
+        # send encrypt and decrypt commands via command line
         datafile = 'cleartext no unicode.txt'
         secretText = 'secret snippet %.6f' % get_time()
         with open(datafile, write_mode) as fd:
             fd.write(secretText)
         pub1, priv1, pphr1 = _known_values()[:3]
-        pathToSelf = lib_path
         datafile = _abspath(datafile)
 
         # Encrypt:
-        cmdLineCmd = [sys.executable, pathToSelf, datafile, '--encrypt',
+        cmdLineCmd = [sys.executable, lib_path, datafile, '--encrypt',
                       '--pub', pub1, '--keep', '--openssl=' + OPENSSL]
         oute = sys_call(cmdLineCmd)
         assert 'cipher_text' in oute
         enc = eval(oute)
         assert isfile(enc['cipher_text'])
 
         # Decrypt:
-        cmdLineCmd = [sys.executable, pathToSelf,
+        cmdLineCmd = [sys.executable, lib_path,
                       enc['cipher_text'], '--decrypt', '--keep',
                       '--priv', priv1, '--pphr', pphr1, '--openssl=' + OPENSSL]
         outd = sys_call(cmdLineCmd)
@@ -769,24 +775,24 @@ def test_command_line(self):
         assert recoveredText == secretText  # need both enc and dec to work
 
         # Rotate:
-        assert (isfile(enc['cipher_text']) and
-            enc['cipher_text'].endswith(ENC_EXT))  # need --keep in d
-        cmdLineRotate = [sys.executable, pathToSelf,
+        ciph = enc['cipher_text']
+        assert (isfile(ciph) and ciph.endswith(ENC_EXT))  # need --keep in d
+        cmdLineRotate = [sys.executable, lib_path,
                          enc['cipher_text'], '--rotate',
                         '--pub', pub1, '--priv', priv1, '--pphr', pphr1,
-                        '-z', str(getsize(enc['cipher_text']) * 2)]
+                        '-z', str(getsize(ciph) * 2)]
         outr = sys_call(cmdLineRotate)  # dict as a string
         assert 'rotate' in outr and 'good' in outr
         rot = eval(outr)
         assert isfile(rot['file'])
 
         # Sign and Verify (target = the file from rot):
-        cmdLineSign = [sys.executable, pathToSelf, rot['file'], '--sign',
+        cmdLineSign = [sys.executable, lib_path, rot['file'], '--sign',
                       '--priv', priv1, '--pphr', pphr1, '--out', 'sig.out']
         outs = sys_call(cmdLineSign)
         assert 'sig' in outs
         sig = eval(outs)
-        cmdLineVerify = [sys.executable, pathToSelf, rot['file'], '--verify',
+        cmdLineVerify = [sys.executable, lib_path, rot['file'], '--verify',
                       '--pub', pub1, '--sig', sig['out']]
         outv = sys_call(cmdLineVerify)
         assert 'verified' in outv
@@ -797,22 +803,22 @@ def test_command_line(self):
         with open(datafile, write_mode) as fd:
             fd.write(secretText)
         orig_size = getsize(datafile)
-        cmdLinePad = [sys.executable, pathToSelf, datafile, '--pad']
+        cmdLinePad = [sys.executable, lib_path, datafile, '--pad']
         outp = sys_call(cmdLinePad)
         assert "'method': 'pad'" in outp
         assert "'size': %d" % DEFAULT_PAD_SIZE in outp
         out = eval(outp)
         assert getsize(datafile) == DEFAULT_PAD_SIZE
 
         # more coverage
-        cmdLineUnpad = [sys.executable, pathToSelf, datafile, '--pad',
+        cmdLineUnpad = [sys.executable, lib_path, datafile, '--pad',
                         '-z', '0']
         outunp = sys_call(cmdLineUnpad)
         assert 'padding' in outunp
         out = eval(outunp)
         assert out['padding'] == None
 
-        cmdLineUnpad = [sys.executable, pathToSelf, datafile, '--pad',
+        cmdLineUnpad = [sys.executable, lib_path, datafile, '--pad',
                         '-z', '0', '--verbose']
         outv = sys_call(cmdLineUnpad)
         # see if there's lots of output, with some plausible detail:
@@ -822,13 +828,14 @@ def test_command_line(self):
         assert len(outv.splitlines()) > 40
 
         # Destroy:
-        cmdLineDestroy = [sys.executable, pathToSelf, datafile, '--destroy']
+        cmdLineDestroy = [sys.executable, lib_path, datafile, '--destroy']
         outx = sys_call(cmdLineDestroy)
         if 'disposition' in outx:
             out = eval(outx)
         assert out['disposition'] == destroy_code[pfs_DESTROYED]
 
 
+# this messes up coverage for coveralls.io, even when marked notravis
 @pytest.mark.altopenssl
 @pytest.mark.slow
 @pytest.mark.notravis