From d887e78f044296f401934f4c3005635078af4141 Mon Sep 17 00:00:00 2001 From: Adam Farley Date: Mon, 16 Dec 2024 14:54:27 +0000 Subject: [PATCH] More tests, secure mode, and line endings Signed-off-by: Adam Farley --- sbin/common/lib/functionLibrary.sh | 44 ++++++++++++-------- sbin/common/lib/functionLibraryTests.sh | 54 +++++++++++++++++++++++-- 2 files changed, 78 insertions(+), 20 deletions(-) diff --git a/sbin/common/lib/functionLibrary.sh b/sbin/common/lib/functionLibrary.sh index 898f22bd1..dffaaa17f 100644 --- a/sbin/common/lib/functionLibrary.sh +++ b/sbin/common/lib/functionLibrary.sh @@ -52,7 +52,7 @@ function checkFileSha() { info "Checking if a file matches the sha256 checksum. Fails if there is no checksum." if [ $# != 2 ]; then echo "Error: checkFileSha() function was not supplied with exactly 2 arguments." - exit 1 + return 1 fi if [[ -z $1 ]]; then @@ -76,7 +76,7 @@ function checkFileSha() { shaReturnCode=$? else echo "Error: Neither sha256sum nor shasum is available on this machine." - exit 1 + return 1 fi if [ $shaReturnCode != 0 ]; then @@ -93,7 +93,7 @@ function doesThisURLExist() { info "Checking if a given URL exists." if [ $# == 0 ]; then echo "Error: doesThisURLExist() function was not supplied with a URL." - exit 1 + return 1 fi spiderOutput=1 @@ -107,7 +107,7 @@ function doesThisURLExist() { spiderOutput=$? else echo "Error: Neither wget nor curl could be found when downloading this file: ${source}" - exit 1 + return 1 fi return $spiderOutput @@ -119,11 +119,13 @@ function doesThisURLExist() { # -destination (mandatory: an existent folder where the file will be put) # -filename (optional: the new name of the file post-download) # -sha (optional: the anticipated sha of the downloaded file) +# -secure (optional: true/false - should this download be automatically failed?) function downloadFile() { source="" destination="" filename="" sha="" + secure="false" arrayOfArgs=( "$@" ) x=0 @@ -147,8 +149,12 @@ function downloadFile() { --sha | -sha ) sha="${value}" ;; - - *) echo >&2 "Invalid downloadFile argument: ${arg} ${value}"; exit 1;; + + --secure | -secure ) + [[ "${value}" == "true" ]] && secure="true" + ;; + + *) echo >&2 "Invalid downloadFile argument: ${arg} ${value}"; return 1;; esac x="$((x+1))" done @@ -159,7 +165,7 @@ function downloadFile() { echo "Error: function downloadFile requires both a source and a destination." echo "Source detected: ${source}" echo "Destination detected: ${destination}" - exit 1 + return 1 fi info "File details: " @@ -167,18 +173,21 @@ function downloadFile() { info "- destination: ${destination}" info "- file name: ${filename}" info "- sha256 checksum: ${sha}" + info "- secure: ${secure}" if [ -z ${filename} ]; then filename="${source##*/}" fi + [[ ${secure} == "true" ]] && echo "The attempted download of file ${filename} was blocked because secure mode is active." && return 1 + info "Checking if source exists." doesThisURLExist "${source}" - [[ $? != 0 ]] && echo "Error: File could not be found at source." && exit 1 + [[ $? != 0 ]] && echo "Error: File could not be found at source." && return 1 info "Source exists." info "Checking if destination folder exists." - [ ! -x ${destination} ] && echo "Error: Destination folder could not be found." && exit 1 + [ ! -x ${destination} ] && echo "Error: Destination folder could not be found." && return 1 info "Destination folder exists. Checking if file is already present." if [ -x "${destination}/${filename}" ]; then @@ -189,11 +198,11 @@ function downloadFile() { rm "${destination}/${filename}" if [ $? != 0 ]; then echo "Error: Could not remove file." - exit 1 + return 1 fi else info "A file was found with the same name, and it matches the supplied checksum. Skipping download." - exit 0 + return 0 fi fi if [ -x "${destination}/${source##*/}" ]; then @@ -204,12 +213,12 @@ function downloadFile() { rm "${destination}/${source##*/}" if [ $? != 0 ]; then echo "Error: Could not remove file." - exit 1 + return 0 fi else info "A file was found with the same name, and it matches the supplied checksum. Skipping download." mv "${destination}/${source##*/}" "${destination}/${filename}" - exit 0 + return 0 fi fi @@ -232,7 +241,7 @@ function downloadFile() { if [[ $? != 0 ]]; then echo "Error: Checksum does not match the downloaded file. Removing file." rm "${destination}/${filename}" - exit 1 + return 1 fi fi @@ -240,8 +249,11 @@ function downloadFile() { info "Setting file permissions to 770." chmod 770 "${destination}/${filename}" - [ $? != 0 ] && echo "Error: Checksum does not match the downloaded file. Removing file." && rm "${destination}/${filename}" && exit 1 - + if [ $? != 0 ]; then + echo "Error: Chmod has failed. Attempting to remove file." + rm "${destination}/${filename}" + return 1 + fi info "File permissions set successfully." info "File download script complete" diff --git a/sbin/common/lib/functionLibraryTests.sh b/sbin/common/lib/functionLibraryTests.sh index 4d4cd0e8e..961de84bd 100644 --- a/sbin/common/lib/functionLibraryTests.sh +++ b/sbin/common/lib/functionLibraryTests.sh @@ -78,16 +78,62 @@ function doesThisURLExistTests(){ testResults "doesThisURLExistTest 3" "$?" } + +sampleFileURL="https://raw.githubusercontent.com/adamfarley/temurin-build/refs/heads/build_scripts_secure_mode/sbin/common/lib" +sampleFileName="sampleFileForTesting.txt" +sampleFileSha="7eb664568090f0ac7f573b25e4ac7929a48f3fb39fb34e6b21421959acdf94b4" + + # downloadFile function downloadFileTests() { workdir="$(pwd)/tmp_test_work_dir" # Setup - [[ -x "${workdir}" ]] && echo "Error: Temporary test work directory exists and shouldn't." && exit 1 + [[ -x "${workdir}" ]] && echo "Error: Temporary test work directory exists and shouldn't: ${workdir}" && exit 1 mkdir "${workdir}" - [[ ! -x "${workdir}" ]] && echo "Error: Temporary test work directory could not be created." && exit 1 - + [[ ! -x "${workdir}" ]] && echo "Error: Temporary test work directory could not be created: ${workdir}" && exit 1 + + # Does it pass when it should (no sha)? + downloadFile -s "${sampleFileURL}/${sampleFileName}" -d "${workdir}" + [[ $? == 0 && -x "${workdir}/${sampleFileName}" ]] + testResults "downloadFileTest 1" "$?" + rm -rf "${workdir}/*" + + # Does it pass when it should (sha)? + downloadFile -s "${sampleFileURL}/${sampleFileName}" -d "${workdir}" -sha "${sampleFileSha}" + [[ $? == 0 && -x "${workdir}/${sampleFileName}" ]] + testResults "downloadFileTest 2" "$?" + exit 1 + rm -rf "${workdir}/*" + + # Does it correctly rename the downloaded file? + downloadFile -s "${sampleFileURL}/${sampleFileName}" -d "${workdir}" -sha "${sampleFileSha}" -f "newfilename" + [[ $? == 0 && -x "${workdir}/newfilename" ]] + testResults "downloadFileTest 3" "$?" + rm -rf "${workdir}/*" + + # Does it fail when it should (no sha, source does not exist)? + downloadFile -s "${sampleFileURL}/thisFileDoesNotExist" -d "${workdir}" &> /dev/null + [[ $? != 0 && ! -x "${workdir}/${sampleFileName}" ]] + testResults "downloadFileTest 4" "$?" + + # Does it fail when it should (with sha, source does not exist)? + downloadFile -s "${sampleFileURL}/thisFileDoesNotExist" -d "${workdir}" -sha "${sampleFileSha}" &> /dev/null + [[ $? != 0 && ! -x "${workdir}/${sampleFileName}" ]] + testResults "downloadFileTest 5" "$?" + + # Does it fail when it should (with invalid sha, source exists)? + downloadFile -s "${sampleFileURL}/${sampleFileName}" -d "${workdir}" -sha "thisisaninvalidsha12345" -f "newfilename" &> /dev/null + [[ $? != 0 && ! -x "${workdir}/newfilename" ]] + testResults "downloadFileTest 6" "$?" + + # Does it fail when it should (secure mode)? + downloadFile -s "${sampleFileURL}/${sampleFileName}" -d "${workdir}" -secure "true" &> /dev/null + [[ $? != 0 && ! -x "${workdir}/newfilename" ]] + testResults "downloadFileTest 7" "$?" + # Clean up - [[ ! (rm -rf "${workdir}") ]] && echo "Error: Temporary test work directory could not be deleted." && exit 1 + rm -rf "${workdir}" + [[ $? != 0 ]] && echo "Error: Temporary test work directory could not be deleted." && exit 1 } echo "Test script start."