Tests for new validation functions in updater.py

Signed-off-by: Martin Vrachev <[email protected]>

Author: MVrachev

tests/test_endless_data_attack.py

@@ -269,8 +269,10 @@ def test_with_tuf(self):
       self.repository_updater.refresh()
 
     except tuf.exceptions.NoWorkingMirrorError as exception:
-      for mirror_url, mirror_error in six.iteritems(exception.mirror_errors):
-        self.assertTrue(isinstance(mirror_error, securesystemslib.exceptions.Error))
+      for _, mirror_error in six.iteritems(exception.mirror_errors):
+        # Throw tuf.exceptions.InvalidMetadataJSONError
+        # because the metadata is not a valud JSON file.
+        self.assertTrue(isinstance(mirror_error, tuf.exceptions.InvalidMetadataJSONError))
 
     else:
       self.fail('TUF did not prevent an endless data attack.')

tests/test_updater.py

@@ -1742,10 +1742,55 @@ def test_11__verify_metadata_file(self):
 
       self.assertRaises(tuf.exceptions.InvalidMetadataJSONError,
           self.repository_updater._verify_metadata_file,
-          metadata_file_object, 'root')
+          metadata_file_object, 'root', None)
 
 
-  def test_13__targets_of_role(self):
+  def test_12__validate_metadata_version(self):
+    # Test for valid metadata version with expected_version.
+    self.repository_updater._validate_metadata_version(
+        expected_version=1, metadata_role='root', version_downloaded=1)
+
+    # Test for valid metadata version without expected_version.
+    self.repository_updater._validate_metadata_version(
+        expected_version=None, metadata_role='root', version_downloaded=1)
+
+    # Test for expected_version different than version downloaded.
+    self.assertRaises(tuf.exceptions.BadVersionNumberError,
+        self.repository_updater._validate_metadata_version,
+        expected_version=2, metadata_role='root', version_downloaded=1)
+
+    # Test without expected_version and version_downloaded < current_version.
+    self.assertRaises(tuf.exceptions.ReplayedMetadataError,
+        self.repository_updater._validate_metadata_version,
+        expected_version=None, metadata_role='root', version_downloaded=0)
+
+
+  def test_13__validate_spec_version(self):
+    # Tests when metadata spec ver is compatible with tuf.SPECIFICATION_VERSION
+
+    # metadata spec ver = tuf.SPECIFICATION_VERSION
+    self.repository_updater._validate_spec_version(tuf.SPECIFICATION_VERSION)
+
+    code_spec_ver_split = tuf.SPECIFICATION_VERSION.split('.')
+    code_spec_major = int(code_spec_ver_split[0])
+    code_spec_minor= int(code_spec_ver_split[1])
+
+    # metadata major ver is the same as tuf.SPECIFICATION_VERSION major ver
+    # but metadata minor ver != tuf.SPECIFICATION_VERSION minor ver
+    metadata_spec = [str(code_spec_major), str(code_spec_minor + 1), '0']
+    separator = '.'
+    metadata_spec = separator.join(metadata_spec)
+    self.repository_updater._validate_spec_version(metadata_spec)
+
+    # Test when metadata spec ver is NOT compatible
+    # with tuf.SPECIFICATION_VERSION
+    metadata_spec = [str(code_spec_major + 1), str(code_spec_minor), '0']
+    metadata_spec = separator.join(metadata_spec)
+    self.assertRaises(tuf.exceptions.UnsupportedSpecificationError,
+        self.repository_updater._validate_spec_version, metadata_spec)
+
+
+  def test_15__targets_of_role(self):
     # Test case where a list of targets is given.  By default, the 'targets'
     # parameter is None.
     targets = [{'filepath': 'file1.txt', 'fileinfo': {'length': 1, 'hashes': {'sha256': 'abc'}}}]