Jacob Bachmeyer [Tue, 18 Oct 2022 04:20:30 +0000 (23:20 -0500)]
Improve RFC4880 conformance
Jacob Bachmeyer [Tue, 18 Oct 2022 02:25:20 +0000 (21:25 -0500)]
Refactor directive parsing to only read file once
Jacob Bachmeyer [Tue, 18 Oct 2022 02:07:45 +0000 (21:07 -0500)]
Add POD block for interpret_directive
This was held out of the previous commit to improve diff readability.
Jacob Bachmeyer [Tue, 18 Oct 2022 02:06:20 +0000 (21:06 -0500)]
Factor element-processing loop out of read_directive_file
Jacob Bachmeyer [Sun, 16 Oct 2022 04:32:40 +0000 (23:32 -0500)]
Use new read_directive helper in read_directive_file
Jacob Bachmeyer [Sun, 16 Oct 2022 04:24:00 +0000 (23:24 -0500)]
Move declaration of counter in read_directive_file nearer to loop
Jacob Bachmeyer [Sun, 16 Oct 2022 04:15:45 +0000 (23:15 -0500)]
Replace file-reading loop with list operations
Jacob Bachmeyer [Sun, 16 Oct 2022 04:08:27 +0000 (23:08 -0500)]
Remove obsolete comment describing protocol v1.0
Jacob Bachmeyer [Sun, 16 Oct 2022 04:02:56 +0000 (23:02 -0500)]
Revise main packet processing loop to use new gather_packets result
Jacob Bachmeyer [Sun, 16 Oct 2022 03:41:29 +0000 (22:41 -0500)]
Remove testsuite handling of obsolete message
This message was removed from the gatekeeper along with the rest of the
legacy v1.0 support in commit
af0774b9c0ce4907bbdf95e57ffdb534366e19dc.
Jacob Bachmeyer [Sun, 16 Oct 2022 03:16:16 +0000 (22:16 -0500)]
Add helper procedures for directive handling in gatekeeper
Jacob Bachmeyer [Sun, 16 Oct 2022 02:39:40 +0000 (21:39 -0500)]
Rename ftp_die to ftp_abort in gatekeeper
Jacob Bachmeyer [Sun, 16 Oct 2022 01:10:20 +0000 (20:10 -0500)]
Use value from splitting directory line to obtain package name
Jacob Bachmeyer [Sun, 16 Oct 2022 01:07:24 +0000 (20:07 -0500)]
Use File::Spec::Unix to count directories in parse_directory_line
Jacob Bachmeyer [Sun, 16 Oct 2022 01:02:16 +0000 (20:02 -0500)]
Use symbolic constant for maximum directory depth
Jacob Bachmeyer [Sun, 16 Oct 2022 00:53:35 +0000 (19:53 -0500)]
Add report of number of files with bogus names discarded
Jacob Bachmeyer [Sun, 16 Oct 2022 00:47:51 +0000 (19:47 -0500)]
Finish refactoring of gather_packets/scan_incoming to use absolute names
This eliminates the need to change to the incoming directory and is a
step towards a goal of eliminating any dependency on the current directory
and presenting only absolute file names to the system.
Jacob Bachmeyer [Sun, 16 Oct 2022 00:39:40 +0000 (19:39 -0500)]
Refactor scan_incoming as helper for gather_packets
The old scan_incoming function was very long and performed two related
but distinct tasks: collecting a list of files eligible for processing
and collecting those files into packets. The new scan_incoming now only
produces a list of files; the second loop to collect files into packets
has been moved to a new gather_packets function.
Jacob Bachmeyer [Sun, 16 Oct 2022 00:28:40 +0000 (19:28 -0500)]
Improve comments
Jacob Bachmeyer [Sun, 16 Oct 2022 00:28:25 +0000 (19:28 -0500)]
Update testsuite for terminology change
The original concept of "triplets" is now generalized to "packets" that
can contain any number of files.
Jacob Bachmeyer [Sun, 16 Oct 2022 00:26:56 +0000 (19:26 -0500)]
Revise packet-gathering loop in scan_incoming
Since every packet must contain a directive, the process is now driven
based on the set of directives available. This change also avoids
considering every file and fixes a related minor bug in the old code:
comments indicated that all files from each triplet were supposed to be
removed from possible consideration, but the loop was actually iterating
over a temporary list containing the keys of the %possible hash as of the
start of the loop.
This change also introduces a new internal format for the result of the
scan_incoming function and some temporary scaffolding code to convert the
new format to the old format to keep the tool working during the change.
Jacob Bachmeyer [Sat, 15 Oct 2022 03:43:44 +0000 (22:43 -0500)]
Discard names of trash files immediately after unlink
Jacob Bachmeyer [Sat, 15 Oct 2022 03:33:34 +0000 (22:33 -0500)]
Add comment describing expected issue on modern GNU/Linux
Jacob Bachmeyer [Sat, 15 Oct 2022 03:29:55 +0000 (22:29 -0500)]
Improve comments in scan_incoming
Jacob Bachmeyer [Sat, 15 Oct 2022 03:24:04 +0000 (22:24 -0500)]
Revise check for open files in scan_incoming
The old code would incorrectly assume that no files are open if the
lsof program fails to run; this new code uses a list-form pipe open
introduced in Perl 5.8.0 instead of an implied fork.
Also use File::Spec to form the arguments to lsof.
Jacob Bachmeyer [Sat, 15 Oct 2022 03:19:29 +0000 (22:19 -0500)]
Check file sizes while scanning directory in scan_incoming
Excessively large directive and signature files are now detected while
scanning the incoming files directory and promptly removed afterward;
the testsuite is adjusted accordingly.
Jacob Bachmeyer [Sat, 15 Oct 2022 03:11:22 +0000 (22:11 -0500)]
Check timestamps while scanning directory in scan_incoming
Recent files are now filtered out very early, before checking if they
are open; the testsuite is adjusted accordingly.
Jacob Bachmeyer [Sat, 15 Oct 2022 03:05:01 +0000 (22:05 -0500)]
Revise directory scanning loop in scan_incoming
Files with unacceptable names are now removed immediately after scanning
the incoming files directory; the testsuite is adjusted accordingly.
Jacob Bachmeyer [Sat, 15 Oct 2022 02:54:32 +0000 (21:54 -0500)]
Use arguments instead of globals in scan_incoming
Also move the declaration of the return array.
Jacob Bachmeyer [Sat, 15 Oct 2022 02:40:57 +0000 (21:40 -0500)]
Use symbolic constants for limits in scan_incoming
Jacob Bachmeyer [Sat, 15 Oct 2022 02:37:04 +0000 (21:37 -0500)]
Remove comment that does not accurately describe the code
Jacob Bachmeyer [Sat, 15 Oct 2022 02:33:22 +0000 (21:33 -0500)]
Explicitly return empty list from scan_incoming if no files found
Jacob Bachmeyer [Sun, 9 Oct 2022 03:14:28 +0000 (22:14 -0500)]
Remove redundant checks on symlink and archive commands
The tighter file name patterns now exclude ".." name components, so
these branches are now dead code.
Jacob Bachmeyer [Sun, 9 Oct 2022 03:08:42 +0000 (22:08 -0500)]
Collect file name validation patterns
This results in some small semantic changes: the new patterns are
stricter in handling symlink arguments and slightly looser for the
directory line. However, this improves consistency, since the old
patterns could imply directories that could not be directly named.
Jacob Bachmeyer [Sat, 8 Oct 2022 03:57:13 +0000 (22:57 -0500)]
Reduce the visibility of the log style global
While $Log_Style is now a global variable, the use of "strict" means that
it is only accessible in lexical scopes where it has been aliased using
the "our" feature. These are limited, therefore reducing its scope from
a file-scope quasi-global lexical to only the initialization code and the
ftp_syslog function, where it is actually used.
Jacob Bachmeyer [Sat, 8 Oct 2022 03:50:36 +0000 (22:50 -0500)]
Eliminate version_information sub that was called exactly once
Jacob Bachmeyer [Sat, 8 Oct 2022 03:46:16 +0000 (22:46 -0500)]
Import GPLv3 license text as COPYING.GPLv3
Jacob Bachmeyer [Sat, 8 Oct 2022 03:45:23 +0000 (22:45 -0500)]
Add initial shared directive-reading functions
Jacob Bachmeyer [Sat, 8 Oct 2022 03:40:31 +0000 (22:40 -0500)]
Move more of the old comment blocks into POD
Jacob Bachmeyer [Sat, 8 Oct 2022 03:32:21 +0000 (22:32 -0500)]
Use Pod::Usage and begin to develop internal documentation in Perl POD
POD is Perl's native documentation format, designed to embed an
approximate equivalent to a man page inside a Perl program or module.
POD can be particularly useful for docstring-like embedded per-function
documentation but has a different purpose from Texinfo, which will be
used when a reference manual is written.
Jacob Bachmeyer [Sat, 8 Oct 2022 00:06:02 +0000 (19:06 -0500)]
Finish integration of CheckVulnerabilities code
Jacob Bachmeyer [Sat, 8 Oct 2022 00:02:40 +0000 (19:02 -0500)]
Remove version 1.0 compatibility mode
Jacob Bachmeyer [Fri, 7 Oct 2022 23:48:00 +0000 (18:48 -0500)]
Refactor log style tag into ftp_syslog
This removes references to $log_style at every call site and collects a
single reference to the renamed $Log_Style global in the ftp_syslog sub.
Jacob Bachmeyer [Fri, 7 Oct 2022 23:37:00 +0000 (18:37 -0500)]
Fill long lines in gatekeeper script
Also update testsuite to recognize a message changed by this operation.
Jacob Bachmeyer [Fri, 7 Oct 2022 04:12:59 +0000 (23:12 -0500)]
Emit stack backtrace if syslog call fails
Jacob Bachmeyer [Fri, 7 Oct 2022 04:02:48 +0000 (23:02 -0500)]
Revise display of usage information
The script now reports success if run with the --help option.
Jacob Bachmeyer [Fri, 7 Oct 2022 03:48:56 +0000 (22:48 -0500)]
Use Perl's "or" in conditionals used for control flow
Jacob Bachmeyer [Fri, 7 Oct 2022 03:37:48 +0000 (22:37 -0500)]
Fix oversight with location of logging definitions
Jacob Bachmeyer [Fri, 7 Oct 2022 03:33:34 +0000 (22:33 -0500)]
Revise syslog initialization in gatekeeper script
This reflects the renaming of the script and moves the syslog details to
one place nearer the top of the file.
The "ndelay" option could be added to the openlog call, but would be
redundant, as the script immediately logs its own startup.
Jacob Bachmeyer [Thu, 6 Oct 2022 04:49:46 +0000 (23:49 -0500)]
Normalize argument unpacking in gatekeeper script
This shifts arguments out of @_ one at a time in each sub and also
removes a few cases of setting lists containing only one variable.
Jacob Bachmeyer [Thu, 6 Oct 2022 04:35:00 +0000 (23:35 -0500)]
Update old-style sub calls in gatekeeper script
Jacob Bachmeyer [Thu, 6 Oct 2022 04:20:00 +0000 (23:20 -0500)]
Merge CheckVulnerabilities module into main script
Jacob Bachmeyer [Thu, 6 Oct 2022 04:18:48 +0000 (23:18 -0500)]
Move syslog initialization and final configuration check to preliminaries
This also required moving the message reporting subs farther up, since
this code uses ftp_syslog and ftp_die.
Jacob Bachmeyer [Thu, 6 Oct 2022 03:50:50 +0000 (22:50 -0500)]
Remove sub main in gatekeeper script
Unlike C, Perl allows program code to simply appear at the top level of
the file. Using this feature is the standard convention in Perl.
Jacob Bachmeyer [Thu, 6 Oct 2022 03:48:04 +0000 (22:48 -0500)]
Reorganize gatekeeper script to sort subs ahead of their callers
Prior to committing, this was validated with:
    (DIFF='git diff --cached';
     comm -3 <($DIFF | grep ^- | sed -e 's/^-//' | sort) \
             <($DIFF | grep ^+ | sed -e 's/^+//' | sort) )
The output shows only blank lines, comments, and a diff header were
added, and only a diff header removed, after all lines are sorted
and paired for analysis. To replicate, change the "git diff" command
to compare this commit with its parent.
Jacob Bachmeyer [Thu, 6 Oct 2022 03:36:06 +0000 (22:36 -0500)]
Document change of script name and update copyright years
Jacob Bachmeyer [Thu, 6 Oct 2022 02:05:21 +0000 (21:05 -0500)]
Fix prototype on ftp_die in gatekeeper script
Currently, this prototype has no effect because the entire script has been
compiled before it is seen. Moving ftp_die to near the beginning of the script
will cause the prototype to be checked and the incorrect prototype causes
compilation to fail.
Jacob Bachmeyer [Thu, 6 Oct 2022 01:40:40 +0000 (20:40 -0500)]
Rename the upload-ftp tool to "gatekeeper" and update symlinks
At this time, the tool still reports as "ftp-upload" in syslog.
Jacob Bachmeyer [Thu, 6 Oct 2022 01:31:49 +0000 (20:31 -0500)]
Remove old version of upload-ftp script
unknown [Wed, 5 Oct 2022 02:15:30 +0000 (21:15 -0500)]
Import existing script generate-ftpindex.sh
Jacob Bachmeyer [Tue, 4 Oct 2022 02:01:38 +0000 (21:01 -0500)]
Work around Expect bug
Jacob Bachmeyer [Tue, 20 Sep 2022 00:04:12 +0000 (19:04 -0500)]
Improve handling of test environments in upload testsuite
This removes the argument to the new_test_environment procedure.
Jacob Bachmeyer [Mon, 19 Sep 2022 23:38:56 +0000 (18:38 -0500)]
Clean up scratchpad files in mock tool testsuite
Jacob Bachmeyer [Mon, 19 Sep 2022 23:03:34 +0000 (18:03 -0500)]
Remove Emacs time-stamp configuration
The files are now tracked in Git and the actual timestamp was removed
long ago -- the oldest version in the repository does not have it.
Jacob Bachmeyer [Sun, 13 Feb 2022 04:34:25 +0000 (22:34 -0600)]
Add test for rejection of future directive signature timestamp
Jacob Bachmeyer [Sun, 13 Feb 2022 04:33:22 +0000 (22:33 -0600)]
Correctly handle both old and new signature timestamps from GPG
Jacob Bachmeyer [Sun, 13 Feb 2022 04:32:24 +0000 (22:32 -0600)]
Add debugging message reporting directive signature timestamp
Jacob Bachmeyer [Sat, 29 Jan 2022 02:56:49 +0000 (20:56 -0600)]
Fix critical bug in symlink command handling found during testing
Previously, while symlink targets were checked for the string "..", symlink
names were unchecked; this allowed symlinks to be placed outside of the
permitted areas for which the signing key is authorized and even outside of the
managed file tree, requiring only that the containing directory already exist.
The test case places a symlink directly into the top-level pub/ directory to
demonstrate the issue and confirm that it is fixed.
I consider this bug critical because while the rogue symlink can only refer to
something else at or below its own location, it could replace an existing
symlink. While I do not expect that this provides any way to crack system
security, careful misuse could certainly cause considerable nuisance, possibly
breaking the entire system if an attacker can find a symlink that is critical
for the system's operation and replace it with a dangling symlink.
Jacob Bachmeyer [Sat, 29 Jan 2022 02:52:00 +0000 (20:52 -0600)]
Add more tests for loose directives to improve coverage
Jacob Bachmeyer [Fri, 28 Jan 2022 03:36:12 +0000 (21:36 -0600)]
Add more tests for misconfigured package scenarios
Jacob Bachmeyer [Fri, 28 Jan 2022 03:34:12 +0000 (21:34 -0600)]
Add more tests for invalid directives in triplets
Jacob Bachmeyer [Thu, 27 Jan 2022 05:13:50 +0000 (23:13 -0600)]
Change DEBUG, NOMAIL, TSTAMPCHECK mode flags to constants
This simplifies coverage analysis reports, since these flags are only set
while initializing the script and never changed during a run.
Jacob Bachmeyer [Thu, 27 Jan 2022 04:06:42 +0000 (22:06 -0600)]
Add tests for oversize directive and signature files
Jacob Bachmeyer [Thu, 27 Jan 2022 03:16:00 +0000 (21:16 -0600)]
Improve log messages for oversize directive or signature files
The new messages are easier for the testsuite to match.
Jacob Bachmeyer [Thu, 27 Jan 2022 03:10:49 +0000 (21:10 -0600)]
Add idle processing tests for recent uploads
Jacob Bachmeyer [Thu, 27 Jan 2022 03:10:11 +0000 (21:10 -0600)]
Add infrastructure for testsuite coverage analysis
Jacob Bachmeyer [Thu, 27 Jan 2022 03:09:26 +0000 (21:09 -0600)]
Tidy whitespace
Jacob Bachmeyer [Wed, 26 Jan 2022 03:20:00 +0000 (21:20 -0600)]
Add tests for Automake vulnerability filter logic
Jacob Bachmeyer [Sat, 22 Jan 2022 03:33:44 +0000 (21:33 -0600)]
Add tests for basic triplet handling
Jacob Bachmeyer [Fri, 10 Dec 2021 22:54:51 +0000 (16:54 -0600)]
Ensure that upload handler syslog messages do not span lines
Jacob Bachmeyer [Sun, 14 Nov 2021 01:08:28 +0000 (19:08 -0600)]
Meet taint mode requirements for handling test SMTP port
Ian Kelling [Mon, 18 Oct 2021 20:25:23 +0000 (16:25 -0400)]
fix for gpgv upgrade 1.4 to 2.2.4
Jacob Bachmeyer [Sun, 9 May 2021 02:07:23 +0000 (21:07 -0500)]
Clean up whitespace using Emacs
Jacob Bachmeyer [Sat, 1 May 2021 00:05:00 +0000 (19:05 -0500)]
Include more information in the test log
Previously, the analyze_file_tree procedure stopped immediately when a
tree that was expected to be empty was found to contain files. This
change causes a full list of the files found to appear in the log.
Jacob Bachmeyer [Fri, 30 Apr 2021 23:49:40 +0000 (18:49 -0500)]
Add testsuite support for building tarballs for test cases
Jacob Bachmeyer [Thu, 8 Apr 2021 01:22:34 +0000 (20:22 -0500)]
Add initial partial testsuite
This does not yet check actual upload handling, but the testsuite
infrastructure seems to be sufficiently developed at this point that no
major changes should be needed to support further tests.
Jacob Bachmeyer [Thu, 25 Mar 2021 01:44:22 +0000 (20:44 -0500)]
Add "no-op" command for testing uses
This command is only recognized in test mode.
Jacob Bachmeyer [Thu, 25 Mar 2021 01:43:44 +0000 (20:43 -0500)]
Improve recognizability of debugging message for testsuite
Jacob Bachmeyer [Thu, 25 Mar 2021 01:26:39 +0000 (20:26 -0500)]
Avoid running generate-ftpindex during tests
The attempt to rebuild the FTP server index is normally harmless, since most
test machines will not actually have /usr/local/bin/generate-ftpindex and the
error from the inability to execute that tool is ignored anyway.
However, if the testsuite is ever actually run on the FTP upload server, this
will prevent a large amount of spurious work rebuilding the FTP indexes.
Jacob Bachmeyer [Wed, 24 Mar 2021 22:04:32 +0000 (17:04 -0500)]
Use special tag for log messages in testing mode
Jacob Bachmeyer [Wed, 24 Mar 2021 21:56:11 +0000 (16:56 -0500)]
Demote severity of debugging message and indicate message type
This change enables the testsuite to reliably recognize this message
instead of guessing with heuristics. The message severity was demoted
to 'debug' because the message is only emitted in debugging mode.
Jacob Bachmeyer [Wed, 17 Mar 2021 03:04:00 +0000 (22:04 -0500)]
Use constant for name of lsof executable to enable testing with mock
Jacob Bachmeyer [Wed, 17 Mar 2021 03:02:50 +0000 (22:02 -0500)]
Add infrastructure for generic mock tools
Jacob Bachmeyer [Thu, 11 Mar 2021 07:44:11 +0000 (01:44 -0600)]
Include state files in the test case directory
Jacob Bachmeyer [Wed, 10 Mar 2021 05:48:12 +0000 (23:48 -0600)]
Add mock gpgv signature verification tool and mock tool testsuite
Jacob Bachmeyer [Sat, 6 Mar 2021 23:50:22 +0000 (17:50 -0600)]
Ignore DejaGnu output files and scratchpad used with testsuite
Jacob Bachmeyer [Thu, 4 Mar 2021 02:43:34 +0000 (20:43 -0600)]
Tidy minor details
Update copyright notice and rearrange test configuration to follow the
locations of files in lifecycle order.
Jacob Bachmeyer [Thu, 4 Mar 2021 02:42:06 +0000 (20:42 -0600)]
Log startup/shutdown in mock syslog server
Jacob Bachmeyer [Thu, 4 Mar 2021 02:40:08 +0000 (20:40 -0600)]
Relax parsing of RFC3164 syslog message format
Jacob Bachmeyer [Sat, 27 Feb 2021 22:30:20 +0000 (16:30 -0600)]
Override configuration directories in testing mode