All MockBPA Tests Passing (#45)

Author: jeronstone

mock-bpa-test/_generate_simple_bundles.py

@@ -152,12 +152,13 @@ def add_bcb_to_bundle_over_x(bundle, x):
 
 b = [
     [7, 0, 0, [2, [1, 2]], [2, [2, 1]], [2, [2, 1]], [0, 40], 1000000],
-    [1, 1, 0, 0, '526561647920746F2067656E657261746520612033322D62797465207061796C6F6164']
+    [1, 1, 0, 0, '526561647920746F2067656E657261746520612033322D62797465207061796C6F6164'],
+    [192, 2, 0, 0, '676f20647261676f6e666c7921']
 ]
 
 
 print (f"ORIGINAL BUNDLE: {b}")
-b = add_bib_to_bundle_over_x(b, 0)
+b = add_bib_to_bundle_over_x(b, 2)
 print(f'BUNDLE AFTER BIB: {b}')
 #b = add_bcb_to_bundle_over_x(b, 1)
 print(f'FINAL BUNDLE: {b}')

mock-bpa-test/_test_util.py

@@ -30,28 +30,21 @@ class DataFormat(Enum):
 # "structure" to hold a simple test case
 class _TestCase:
     '''
-    @param input_data list representation of bundle | TODO hex option / fully hex?
-    @param expected_output either list representation of expected output bundle OR tuple for outcome (FAILURE_CODE, N), (NO_OUTPUT, N), etc.
-    @param policy_config decimal digit representing uint32 for policy configuration | TODO switch to a hex string?
-    @param impl - boolean, true if test is implemented, false if not (placeholder for empty test fixtures)
-    @param success - boolean, true if input bundle is expected to have an output bundle, false if error/no output
+    @param input_data: list representation of bundle
+    @param expected_output: either list representation of expected output bundle OR a string to search log output for match 
+    @param policy_config: decimal digit representing uint32 for policy configuration
+    @param is_working: True if test working
+    @param input/output_data_format: data format of input/output
     '''
-    def __init__(self, input_data, expected_output, policy_config, 
-                 is_implemented : bool, is_working: bool, expect_success: bool, 
+    def __init__(self, input_data, expected_output, policy_config, is_working: bool, 
                  input_data_format : DataFormat, expected_output_format : DataFormat):
         self.input_data = input_data
         self.expected_output = expected_output
         self.policy_config = policy_config
 
-        # can be removed once all tests are implemeneted
-        self.is_implemented = is_implemented
-
         # can be removed once all tests are wworking
         self.is_working = is_working
 
-        # true if test expected to succeed (return output bundle with no errors)
-        self.expect_success = expect_success
-
         self.input_data_format = input_data_format
         self.expected_output_format = expected_output_format
 

mock-bpa-test/requirements_tests.py

@@ -173,11 +173,10 @@ def _single_test(self, testcase: _TestCase):
 
             LOGGER.warning('Check log output to validate reason for no data!!')
 
-            # Currently hard-coded for test case 19 but no other instances of DataFormat.NONE
-            case_19_str = r".*Delete bundle due to failed security operation"
+            output_str = testcase.expected_output
 
-            LOGGER.debug("Searching test runner logger for failure string: %s", case_19_str)
-            found = self._agent.wait_for_text(case_19_str)
+            LOGGER.debug("Searching test runner logger for failure string: %s", output_str)
+            found = self._agent.wait_for_text(output_str)
             LOGGER.debug("\nFOUND OCCURENCE: %s", found)
             self.assertTrue(found != "")
 
@@ -192,8 +191,7 @@ def _single_test(self, testcase: _TestCase):
 
             LOGGER.warning('Check log output to validate expected error')
 
-            # TBD - this logic is not used yet
-            err_case_str = r"tbd"
+            err_case_str = testcase.expected_output
 
             LOGGER.debug("Searching test runner logger for error string: %s", err_case_str)
             found = self._agent.wait_for_text(err_case_str)
@@ -208,7 +206,7 @@ def _add_tests(new_tests: _TestSet):
 
     def decorator(cls):
         for id, tc in new_tests.cases.items():
-            if tc.is_implemented and tc.is_working:
+            if tc.is_working:
 
                 def _test(cls, id=id):
                     cls._single_test(new_tests.cases[id])

mock-bpa-test/test_bpa.py

@@ -197,8 +197,6 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
     int finalize_status = BSL_PolicyRegistry_FinalizeActions(bsl, policy_actions, bundle, response_output);
     BSL_LOG_INFO("Completed finalize: status=%d", finalize_status);
 
-    bool must_drop = false;
-
     BSL_SecActionList_it_t act_it;
     for (BSL_SecActionList_it(act_it, policy_actions->actions); !BSL_SecActionList_end_p(act_it);
          BSL_SecActionList_next(act_it))
@@ -239,7 +237,9 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
                 {
                     BSL_LOG_WARNING("Deleting bundle due to block target num %lu security failure",
                                     sec_oper->target_block_num);
-                    must_drop = true;
+                    // Drop the bundle and return operation error
+                    BSL_LOG_WARNING("***** Delete bundle due to failed security operation *******");
+                    BSL_BundleCtx_DeleteBundle(bundle);
                     break;
                 }
                 case BSL_POLICYACTION_UNDEFINED:
@@ -248,21 +248,9 @@ int BSL_API_ApplySecurity(const BSL_LibCtx_t *bsl, BSL_SecurityResponseSet_t *re
                     BSL_LOG_ERR("Unhandled policy action: %lu", err_action_code);
                 }
             }
-
-            if (must_drop)
-            {
-                break;
-            }
         }
     }
 
-    if (must_drop)
-    {
-        // Drop the bundle and return operation error
-        BSL_LOG_WARNING("***** Delete bundle due to failed security operation *******");
-        BSL_BundleCtx_DeleteBundle(bundle);
-    }
-
     // TODO CHK_POSTCONDITION
-    return (must_drop) ? BSL_ERR_SECURITY_OPERATION_FAILED : BSL_SUCCESS;
+    return BSL_SUCCESS;
 }

src/backend/PublicInterfaceImpl.c

@@ -473,8 +473,7 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet
      *  - BCB will be a special case, since it actively manipulates the BTSD
      *
      */
-    size_t            fail_count = 0;
-    BSL_SecOutcome_t *outcome    = calloc(BSL_SecOutcome_Sizeof(), 1);
+    BSL_SecOutcome_t *outcome = calloc(BSL_SecOutcome_Sizeof(), 1);
 
     BSL_SecActionList_it_t act_it;
     for (BSL_SecActionList_it(act_it, action_set->actions); !BSL_SecActionList_end_p(act_it);
@@ -514,19 +513,16 @@ int BSL_SecCtx_ExecutePolicyActionSet(BSL_LibCtx_t *lib, BSL_SecurityResponseSet
 
             if (errcode != 0)
             {
-                fail_count += 1;
                 BSL_LOG_ERR("Security Op failed: %d", errcode);
                 BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_FAILURE);
-                continue;
+                break; // stop processing secops if there is a failure
             }
             BSL_SecOper_SetConclusion(sec_oper, BSL_SECOP_CONCLUSION_SUCCESS);
         }
     }
     free(outcome);
 
-    output_response->failure_count = fail_count;
-
-    return fail_count == 0 ? BSL_SUCCESS : BSL_ERR_SECURITY_CONTEXT_PARTIAL_FAIL;
+    return BSL_SUCCESS;
 }
 
 bool BSL_SecCtx_ValidatePolicyActionSet(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle,

src/backend/SecurityContext.c

@@ -455,8 +455,8 @@ static void mock_bpa_register_policy(const bsl_mock_policy_configuration_t polic
             BSL_LOG_DEBUG("\nPolicy: 0x%X - Bundle Block Type: PAYLOAD", policy_bits);
             break;
         case 2:
-            bundle_block_enum = BSL_BLOCK_TYPE_BIB;
-            BSL_LOG_DEBUG("\nPolicy: 0x%X - Bundle Block Type: BIB", policy_bits);
+            bundle_block_enum = 192;
+            BSL_LOG_DEBUG("\nPolicy: 0x%X - Bundle Block Type: PRIVATE (192)", policy_bits);
             break;
         case 3:
             bundle_block_enum = BSL_BLOCK_TYPE_BUNDLE_AGE;

src/mock_bpa/policy_config.c

@@ -61,14 +61,15 @@ extern "C" {
  *              Policy Action: 00 - nothing, 01 - drop block,  -|         |     |   |
  *                             10 - drop bundle, 11: undefined -|         |     |   |
  *                                                                        |     |   |
- *                          Target Block Type: 00 - primary, 01 payload  -|     |   |
- *                                             10 - bib, 11 - bundle age -|     |   |
+ *                       Target Block Type: 00 - primary, 01 - payload,  -|     |   |
+ *                      10 - private/experimental (192), 11 - bundle age -|     |   |
  *                                                                              |   |
  *                                                    Target Block Type: -|     |   |
  *                                        Policy Location: 0 - CLOUT, 1 - CLIN -|   |
  *                                                                                  |
  *                                                Sec Block Type: 0 - BIB, 1 - BCB -|
  *
+ *
  * @endcode
  */
 typedef uint32_t bsl_mock_policy_configuration_t;

src/mock_bpa/policy_config.h

@@ -156,10 +156,10 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti
             for (i = 0; i < BSLP_SecOperPtrList_size(secops); i++)
             {
                 BSL_SecOper_t **comp = BSLP_SecOperPtrList_get(secops, i);
-                BSL_LOG_INFO("NEW SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(sec_oper),
-                             BSL_SecOper_IsBIB(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper));
-                BSL_LOG_INFO("comp SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(*comp),
-                             BSL_SecOper_IsBIB(*comp), BSL_SecOper_GetSecurityBlockNum(*comp));
+                BSL_LOG_DEBUG("NEW SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(sec_oper),
+                              BSL_SecOper_IsBIB(sec_oper), BSL_SecOper_GetSecurityBlockNum(sec_oper));
+                BSL_LOG_DEBUG("comp SECOP (tgt=%d)(bib?=%d)(secblk=%d)", BSL_SecOper_GetTargetBlockNum(*comp),
+                              BSL_SecOper_IsBIB(*comp), BSL_SecOper_GetSecurityBlockNum(*comp));
                 if (BSL_SecOper_GetTargetBlockNum(*comp) == BSL_SecOper_GetTargetBlockNum(sec_oper))
                 {
                     // Both BIBs or BCBs
@@ -171,12 +171,12 @@ int BSLP_QueryPolicy(const void *user_data, BSL_SecurityActionSet_t *output_acti
                     // true if ACC BIB or SRC BCB
                     if (BSL_SecOper_IsBIB(sec_oper) ^ BSL_SecOper_IsRoleSource(sec_oper))
                     {
-                        BSL_LOG_INFO("NEW OP AFTER COMP");
+                        BSL_LOG_DEBUG("NEW OP AFTER COMP");
                         BSLP_SecOperPtrList_push_at(secops, i + 1, sec_oper);
                     }
                     else
                     {
-                        BSL_LOG_INFO("NEW OP BEFORE COMP");
+                        BSL_LOG_DEBUG("NEW OP BEFORE COMP");
                         BSLP_SecOperPtrList_push_at(secops, i, sec_oper);
                     }
                     break;

src/policy_provider/SamplePolicyProvider.c

@@ -188,9 +188,13 @@ void test_SecurityContext_BIB_Verifier_Failure(void)
     BSL_SecurityActionSet_t   *malloced_actionset   = BSL_TestUtils_InitMallocBIBActionSet(&bib_test_context);
     BSL_SecurityResponseSet_t *malloced_responseset = BSL_TestUtils_MallocEmptyPolicyResponse();
 
-    TEST_ASSERT_NOT_EQUAL(BSL_SUCCESS,
-                          BSL_SecCtx_ExecutePolicyActionSet(&LocalTestCtx.bsl, malloced_responseset,
-                                                            &mock_bpa_ctr->bundle_ref, malloced_actionset));
+    TEST_ASSERT_EQUAL(BSL_SUCCESS, BSL_SecCtx_ExecutePolicyActionSet(&LocalTestCtx.bsl, malloced_responseset,
+                                                                     &mock_bpa_ctr->bundle_ref, malloced_actionset));
+
+    TEST_ASSERT_EQUAL(
+        BSL_SecurityAction_GetSecOperAtIndex(BSL_SecurityActionSet_GetActionAtIndex(malloced_actionset, 0), 0)
+            ->conclusion,
+        BSL_SECOP_CONCLUSION_FAILURE);
 
     BSL_SecurityActionSet_Deinit(malloced_actionset);
     free(malloced_actionset);