-
Notifications
You must be signed in to change notification settings - Fork 7
Call security context validators during action-set validation #190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -44,18 +44,12 @@ bool BSLX_BIB_Validate(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const B | |
| // Note: Internal API distinction. | ||
| // Called before the `_execute` function. This checks ahead of time whether it contains the necessary info in order | ||
| // to perform the execution. | ||
| (void)lib; | ||
| (void)bundle; | ||
| (void)sec_oper; | ||
| return false; | ||
| return lib != NULL && bundle != NULL && sec_oper != NULL; | ||
| } | ||
|
|
||
| bool BSLX_BCB_Validate(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This PR did not introduce this issue, but this function should be moved to |
||
| { | ||
| (void)lib; | ||
| (void)bundle; | ||
| (void)sec_oper; | ||
| return false; | ||
| return lib != NULL && bundle != NULL && sec_oper != NULL; | ||
| } | ||
|
|
||
| /** | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -44,6 +44,31 @@ | |
|
|
||
| static BSL_TestContext_t LocalTestCtx; | ||
|
|
||
| static size_t TestSecCtxValidateCallCount = 0; | ||
| static uint64_t TestSecCtxValidatedTarget = 0; | ||
| static bool TestSecCtxValidateResult = true; | ||
|
|
||
| static bool BSL_TestSecCtx_Validate(BSL_LibCtx_t *lib, const BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper) | ||
| { | ||
| TEST_ASSERT_NOT_NULL(lib); | ||
| TEST_ASSERT_NOT_NULL(bundle); | ||
| TEST_ASSERT_NOT_NULL(sec_oper); | ||
|
|
||
| TestSecCtxValidateCallCount++; | ||
| TestSecCtxValidatedTarget = BSL_SecOper_GetTargetBlockNum(sec_oper); | ||
| return TestSecCtxValidateResult; | ||
| } | ||
|
|
||
| static int BSL_TestSecCtx_Execute(BSL_LibCtx_t *lib, BSL_BundleRef_t *bundle, const BSL_SecOper_t *sec_oper, | ||
| BSL_SecOutcome_t *sec_outcome) | ||
| { | ||
| (void)lib; | ||
| (void)bundle; | ||
| (void)sec_oper; | ||
| (void)sec_outcome; | ||
| return BSL_SUCCESS; | ||
| } | ||
|
|
||
| void suiteSetUp(void) | ||
| { | ||
| TEST_ASSERT_EQUAL_INT(0, BSL_HostDescriptors_Set(MockBPA_Agent_Descriptors(NULL))); | ||
|
|
@@ -70,6 +95,38 @@ void tearDown(void) | |
| TEST_ASSERT_EQUAL(0, BSL_TestContext_Deinit(&LocalTestCtx)); | ||
| } | ||
|
|
||
| void test_SecurityContext_ValidatePolicyActionSet_UsesRegisteredValidator(void) | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This test does properly verify changes! I think the scope of this could be increased for sec ctx
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That case is essentially already exercised by the rest of the tests in this file, but I think an explicit simple test is still useful while we're at it with this one. |
||
| { | ||
| TestSecCtxValidateCallCount = 0; | ||
| TestSecCtxValidatedTarget = 0; | ||
| TestSecCtxValidateResult = false; | ||
|
|
||
| BSL_SecCtxDesc_t sec_ctx_desc = { 0 }; | ||
| sec_ctx_desc.validate = BSL_TestSecCtx_Validate; | ||
| sec_ctx_desc.execute = BSL_TestSecCtx_Execute; | ||
| TEST_ASSERT_EQUAL(BSL_SUCCESS, BSL_API_RegisterSecurityContext(&LocalTestCtx.bsl, 99, sec_ctx_desc)); | ||
|
|
||
| BSL_SecOper_t sec_oper; | ||
| BSL_SecOper_Init(&sec_oper); | ||
| BSL_SecOper_Populate(&sec_oper, 99, 1, 2, BSL_SECBLOCKTYPE_BIB, BSL_SECROLE_SOURCE, BSL_POLICYACTION_NOTHING); | ||
|
|
||
| BSL_SecurityAction_t action; | ||
| BSL_SecurityAction_Init(&action); | ||
| TEST_ASSERT_EQUAL(BSL_SUCCESS, BSL_SecurityAction_AppendSecOper(&action, &sec_oper)); | ||
|
|
||
| BSL_SecurityActionSet_t action_set; | ||
| BSL_SecurityActionSet_Init(&action_set); | ||
| TEST_ASSERT_EQUAL(BSL_SUCCESS, BSL_SecurityActionSet_AppendAction(&action_set, &action)); | ||
|
|
||
| TEST_ASSERT_FALSE( | ||
| BSL_SecCtx_ValidatePolicyActionSet(&LocalTestCtx.bsl, &LocalTestCtx.mock_bpa_ctr.bundle_ref, &action_set)); | ||
| TEST_ASSERT_EQUAL_UINT(1, TestSecCtxValidateCallCount); | ||
| TEST_ASSERT_EQUAL_UINT64(1, TestSecCtxValidatedTarget); | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
|
|
||
| BSL_SecurityAction_Deinit(&action); | ||
| BSL_SecurityActionSet_Deinit(&action_set); | ||
| } | ||
|
|
||
| /** | ||
| * @brief Purpose: Creates a BIB block and adds it to the bundle, confirms it matches the test vector in RFC9173 | ||
| * | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Prefer using the
BSL_CHKFALSEmacro, E.g.BSL_CHKFALSE(NULL != lib), etc.