From d0e795131efff2d840d4bf79b77da1467a61b086 Mon Sep 17 00:00:00 2001 From: LGTM Migrator Date: Tue, 8 Nov 2022 17:37:06 +0000 Subject: [PATCH 01/13] Add CodeQL workflow for GitHub code scanning --- .github/workflows/codeql.yml | 42 ++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000000..5983aecb9f7 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,42 @@ +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: "1 18 * * 0" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ cpp, python ] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + if: ${{ matrix.language == 'cpp' || matrix.language == 'python' }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" From 5f88dc156648bb3b3b79be56b253b5c8e0a1209c Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Thu, 10 Nov 2022 18:04:25 -0500 Subject: [PATCH 02/13] Change language to c Co-authored-by: harrisonkaiser <60789001+harrisonkaiser@users.noreply.github.com> --- .github/workflows/codeql.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5983aecb9f7..f5f2720c549 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
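Review bot: All four `uses:` lines in the new workflow reference actions by mutable tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/autobuild@v2`, `github/codeql-action/analyze@v2`), so the code that runs with `security-events: write` can change without any commit in this repository. Pinning each one to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the job reproducible and reviewable. The `if:` on the Autobuild step is true for every value in the matrix and can be dropped.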
@@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ cpp, python ] + language: [ c, python ] steps: - name: Checkout @@ -34,7 +34,7 @@ jobs: - name: Autobuild uses: github/codeql-action/autobuild@v2 - if: ${{ matrix.language == 'cpp' || matrix.language == 'python' }} + if: ${{ matrix.language == 'c' || matrix.language == 'python' }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 From 70fd36f57f0529c90f5efb969decf22efcd6182a Mon Sep 17 00:00:00 2001 From: harrisonkaiser <60789001+harrisonkaiser@users.noreply.github.com> Date: Fri, 11 Nov 2022 14:36:20 -0500 Subject: [PATCH 03/13] Perfomance experiment with CodeQL !fixme .github/workflows/codeql.yml This is a experiment to see if we can reduce the time taken by Github CodeQL. Do not commit merge this PR without reviewing this list! --- .github/workflows/codeql.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f5f2720c549..8403c80c79d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -31,6 +31,38 @@ jobs: with: languages: ${{ matrix.language }} queries: +security-and-quality + query-filters: + - exclude: + id: cpp/bad-strncpy-size + id: cpp/certificate-not-checked + id: cpp/cgi-xss + id: cpp/cleartext-storage-buffer + id: cpp/cleartext-storage-file + id: cpp/command-line-injection + id: cpp/external-entity-expansion + id: cpp/incorrect-allocation-error-handling + id: cpp/insufficient-key-size + id: cpp/missing-check-scanf + id: cpp/non-https-url + id: cpp/path-injection + id: cpp/pointer-overflow-check + id: cpp/potential-system-data-exposure + id: cpp/resource-not-released-in-destructor + id: cpp/return-stack-allocated-memory + id: cpp/signed-overflow-check + id: cpp/sql-injection + id: cpp/system-data-exposure + id: cpp/tainted-format-string + id: cpp/tainted-format-string-through-global + id: cpp/tainted-permissions-check + id: cpp/unbounded-write + id: cpp/uncontrolled-allocation-size + id: cpp/uncontrolled-arithmetic + id: cpp/uncontrolled-process-operation + id: cpp/unsafe-strncat + id: cpp/unsafe-use-of-this + id: cpp/user-controlled-bypass + id: cpp/using-expired-stack-address - name: Autobuild uses: github/codeql-action/autobuild@v2 From 37b55a306936ef71141b998cb085485f39b35283 Mon Sep 17 00:00:00 2001 From: harrisonkaiser <60789001+harrisonkaiser@users.noreply.github.com> Date: Fri, 11 Nov 2022 14:50:11 -0500 Subject: [PATCH 04/13] Experiment with performance Move the query filters to the right place. --- .github/workflows/codeql.yml | 65 ++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8403c80c79d..942aea6b372 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
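Review bot: As rendered here, the one `exclude:` entry under `query-filters` repeats the `id:` key thirty times; a YAML mapping cannot hold duplicate keys, so a parser either rejects the block or keeps only the last id. Each id needs its own `- exclude:` entry with a single `id:` line, and `query-filters` is read from a CodeQL configuration, not from the init step's `with:` inputs, so it would have no effect where this hunk puts it. The first hunk of PATCH 04/13 moves the same list to the top of the workflow with the same repeated keys. The list also drops taint and memory-safety queries such as `cpp/command-line-injection`, `cpp/tainted-format-string` and `cpp/unbounded-write`; any exclusion kept after the experiment should carry a reason per id.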
@@ -1,5 +1,38 @@ name: "CodeQL" +query-filters: + - exclude: + id: cpp/bad-strncpy-size + id: cpp/certificate-not-checked + id: cpp/cgi-xss + id: cpp/cleartext-storage-buffer + id: cpp/cleartext-storage-file + id: cpp/command-line-injection + id: cpp/external-entity-expansion + id: cpp/incorrect-allocation-error-handling + id: cpp/insufficient-key-size + id: cpp/missing-check-scanf + id: cpp/non-https-url + id: cpp/path-injection + id: cpp/pointer-overflow-check + id: cpp/potential-system-data-exposure + id: cpp/resource-not-released-in-destructor + id: cpp/return-stack-allocated-memory + id: cpp/signed-overflow-check + id: cpp/sql-injection + id: cpp/system-data-exposure + id: cpp/tainted-format-string + id: cpp/tainted-format-string-through-global + id: cpp/tainted-permissions-check + id: cpp/unbounded-write + id: cpp/uncontrolled-allocation-size + id: cpp/uncontrolled-arithmetic + id: cpp/uncontrolled-process-operation + id: cpp/unsafe-strncat + id: cpp/unsafe-use-of-this + id: cpp/user-controlled-bypass + id: cpp/using-expired-stack-address + on: push: branches: [ "main" ] 
@@ -31,38 +64,6 @@ jobs: with: languages: ${{ matrix.language }} queries: +security-and-quality - query-filters: - - exclude: - id: cpp/bad-strncpy-size - id: cpp/certificate-not-checked - id: cpp/cgi-xss - id: cpp/cleartext-storage-buffer - id: cpp/cleartext-storage-file - id: cpp/command-line-injection - id: cpp/external-entity-expansion - id: cpp/incorrect-allocation-error-handling - id: cpp/insufficient-key-size - id: cpp/missing-check-scanf - id: cpp/non-https-url - id: cpp/path-injection - id: cpp/pointer-overflow-check - id: cpp/potential-system-data-exposure - id: cpp/resource-not-released-in-destructor - id: cpp/return-stack-allocated-memory - id: cpp/signed-overflow-check - id: cpp/sql-injection - id: cpp/system-data-exposure - id: cpp/tainted-format-string - id: cpp/tainted-format-string-through-global - id: cpp/tainted-permissions-check - id: cpp/unbounded-write - id: cpp/uncontrolled-allocation-size - id: cpp/uncontrolled-arithmetic - id: cpp/uncontrolled-process-operation - id: cpp/unsafe-strncat - id: cpp/unsafe-use-of-this - id: cpp/user-controlled-bypass - id: cpp/using-expired-stack-address - name: Autobuild uses: github/codeql-action/autobuild@v2 From e735b4fd1b519776ba7e6ed820a0701837566d29 Mon Sep 17 00:00:00 2001 From: harrisonkaiser <60789001+harrisonkaiser@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:02:24 -0500 Subject: [PATCH 05/13] Revert Experiment Turns out you need to add a config file. --- .github/workflows/codeql.yml | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 942aea6b372..f5f2720c549 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -1,38 +1,5 @@ name: "CodeQL" -query-filters: - - exclude: - id: cpp/bad-strncpy-size - id: cpp/certificate-not-checked - id: cpp/cgi-xss - id: cpp/cleartext-storage-buffer - id: cpp/cleartext-storage-file - id: cpp/command-line-injection - id: cpp/external-entity-expansion - id: cpp/incorrect-allocation-error-handling - id: cpp/insufficient-key-size - id: cpp/missing-check-scanf - id: cpp/non-https-url - id: cpp/path-injection - id: cpp/pointer-overflow-check - id: cpp/potential-system-data-exposure - id: cpp/resource-not-released-in-destructor - id: cpp/return-stack-allocated-memory - id: cpp/signed-overflow-check - id: cpp/sql-injection - id: cpp/system-data-exposure - id: cpp/tainted-format-string - id: cpp/tainted-format-string-through-global - id: cpp/tainted-permissions-check - id: cpp/unbounded-write - id: cpp/uncontrolled-allocation-size - id: cpp/uncontrolled-arithmetic - id: cpp/uncontrolled-process-operation - id: cpp/unsafe-strncat - id: cpp/unsafe-use-of-this - id: cpp/user-controlled-bypass - id: cpp/using-expired-stack-address - on: push: branches: [ "main" ] From ca06eb37b459e8b09af9b7c8aaa8eb3bcfb5901b Mon Sep 17 00:00:00 2001 From: Frank Lee Date: Thu, 17 Nov 2022 21:55:24 +0000 Subject: [PATCH 06/13] Enabling for python only --- .github/workflows/codeql.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f5f2720c549..7094c46e542 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,4 +1,4 @@ -name: "CodeQL" +name: "CodeQL - Python" on: push: @@ -20,7 +20,8 @@ jobs: strategy: fail-fast: false matrix: - language: [ c, python ] + # Disabling c analysis (for now) as this takes ~2 hours to complete + language: [ python ] steps: - name: Checkout From 7fa0e34922296b3c8b3677ae00b54d9d0113b2d1 Mon Sep 17 00:00:00 2001 
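Review bot: Dropping `c` from the matrix in the `@@ -20,7 +20,8 @@` hunk leaves the C sources with no CodeQL coverage at all, and the added comment names no issue or condition for turning it back on. If the two-hour run time is the only obstacle, C analysis could stay on the weekly `schedule` trigger in a second job guarded by `if: github.event_name == 'schedule'`, while pushes and pull requests run Python alone. At minimum the comment should point somewhere, e.g. `# C analysis disabled: ~2 h per run, tracked in <issue-link>`. The Autobuild step's `if:` from PATCH 02/13 still tests `matrix.language == 'c'` and is not touched by this hunk.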
From: Frank Lee Date: Fri, 18 Nov 2022 03:35:28 +0000 Subject: [PATCH 07/13] testing ignoring path of integv1 --- .github/workflows/codeql.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7094c46e542..7ed71cbfbc3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,8 +3,12 @@ name: "CodeQL - Python" on: push: branches: [ "main" ] + paths-ignore: + - '**/tests/integration/*' pull_request: branches: [ "main" ] + paths-ignore: + - '**/tests/integration/*' schedule: - cron: "1 18 * * 0" From 51611c81ec12457f54b0007ca20cda49f3749905 Mon Sep 17 00:00:00 2001 
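Review bot: The `paths-ignore` filters added under `push` and `pull_request` only decide whether the workflow is triggered; as soon as a change touches any other path, the whole checkout, including `tests/integration`, is still analysed. Excluding files from the analysis itself is done with `paths-ignore` in a CodeQL configuration file passed through `config-file`. The glob `'**/tests/integration/*'` also stops at one directory level, because `*` does not match `/`; `'**/tests/integration/**'` covers nested files. If this check is ever made required, a pull request that touches only ignored paths will wait on a run that never starts.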
From: Frank Lee <29711666+franklee26@users.noreply.github.com> Date: Fri, 18 Nov 2022 19:47:10 +0000 Subject: [PATCH 08/13] Excluding old integration tests + first batch of codeql alert fixes --- .github/codeql-config.yml | 4 ++++ .github/workflows/codeql.yml | 1 + codebuild/create_project.py | 1 - tests/integrationv2/common.py | 1 - tests/integrationv2/configuration.py | 2 +- tests/integrationv2/conftest.py | 1 - tests/integrationv2/fixtures.py | 4 +--- tests/integrationv2/processes.py | 1 - tests/integrationv2/providers.py | 8 ++++---- tests/integrationv2/test_buffered_send.py | 3 +-- tests/integrationv2/test_client_authentication.py | 6 +----- tests/integrationv2/test_cross_compatibility.py | 3 +-- tests/integrationv2/test_dynamic_record_sizes.py | 8 ++------ tests/integrationv2/test_early_data.py | 7 +------ tests/integrationv2/test_external_psk.py | 4 +--- tests/integrationv2/test_fragmentation.py | 1 - tests/integrationv2/test_happy_path.py | 5 ++--- tests/integrationv2/test_hello_retry_requests.py | 3 --- tests/integrationv2/test_key_update.py | 4 +--- tests/integrationv2/test_npn.py | 1 - tests/integrationv2/test_ocsp.py | 5 ++--- tests/integrationv2/test_pq_handshake.py | 7 +++---- tests/integrationv2/test_renegotiate.py | 3 +-- tests/integrationv2/test_renegotiate_apache.py | 1 - tests/integrationv2/test_session_resumption.py | 2 -- tests/integrationv2/test_signature_algorithms.py | 5 ++--- tests/integrationv2/test_sni_match.py | 6 ++---- tests/integrationv2/test_sslyze.py | 7 +++---- tests/integrationv2/test_version_negotiation.py | 1 - tests/integrationv2/test_well_known_endpoints.py | 5 ++--- tests/integrationv2/utils.py | 6 +++--- tests/sidetrail/bin/bpl_trace_to_c.py | 1 - 32 files changed, 39 insertions(+), 78 deletions(-) create mode 100644 .github/codeql-config.yml diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml new file mode 100644 index 00000000000..a2fd22db6cf --- /dev/null +++ b/.github/codeql-config.yml 
@@ -0,0 +1,4 @@ +name: "S2N CodeQL Config" + +paths-ignore: + - tests/integration \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7ed71cbfbc3..e7644c6c53a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,6 +36,7 @@ jobs: with: languages: ${{ matrix.language }} queries: +security-and-quality + config-file: ./.github/codeql-config.yml - name: Autobuild uses: github/codeql-action/autobuild@v2 diff --git a/codebuild/create_project.py b/codebuild/create_project.py index 1449896111c..68d5d3080f6 100755 --- a/codebuild/create_project.py +++ b/codebuild/create_project.py @@ -397,7 +397,6 @@ def get_account_number(): def main(args, config): """ Create the CFN template and do stuff with said template. """ codebuild = Template() - config codebuild.set_version('2010-09-09') # Create a single CloudWatch Event role to allow codebuild:startBuild cw_event_role = build_cw_cb_role(codebuild, config) diff --git a/tests/integrationv2/common.py b/tests/integrationv2/common.py index bafe87a1b08..0c51ffc6010 100644 --- a/tests/integrationv2/common.py +++ b/tests/integrationv2/common.py @@ -1,7 +1,6 @@ import os import re import subprocess -import string import threading import itertools diff --git a/tests/integrationv2/configuration.py b/tests/integrationv2/configuration.py index 3bd6ff0ca24..bf7f7820426 100644 --- a/tests/integrationv2/configuration.py +++ b/tests/integrationv2/configuration.py @@ -2,7 +2,7 @@ from common import Certificates, Ciphers, Curves, Protocols, AvailablePorts from constants import TEST_SNI_CERT_DIRECTORY -from providers import S2N, OpenSSL, BoringSSL, JavaSSL +from providers import S2N, OpenSSL, JavaSSL # The boolean configuration will let a test run for True and False diff --git a/tests/integrationv2/conftest.py b/tests/integrationv2/conftest.py index 8e39dcb947f..f6b836a3630 100644 --- a/tests/integrationv2/conftest.py +++ b/tests/integrationv2/conftest.py 
@@ -1,4 +1,3 @@ -import pytest from global_flags import set_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE, S2N_NO_PQ diff --git a/tests/integrationv2/fixtures.py b/tests/integrationv2/fixtures.py index 3e4d16f43ab..609e6b50f53 100644 --- a/tests/integrationv2/fixtures.py +++ b/tests/integrationv2/fixtures.py @@ -1,12 +1,10 @@ import os import pytest import subprocess -import threading -import time from processes import ManagedProcess from providers import Provider -from common import ProviderOptions, Protocols +from common import ProviderOptions @pytest.fixture diff --git a/tests/integrationv2/processes.py b/tests/integrationv2/processes.py index f6751487d50..fba6f5a3d0f 100644 --- a/tests/integrationv2/processes.py +++ b/tests/integrationv2/processes.py @@ -1,4 +1,3 @@ -import time import os import select import selectors diff --git a/tests/integrationv2/providers.py b/tests/integrationv2/providers.py index 9cc12dc03c8..47fa17d426b 100644 --- a/tests/integrationv2/providers.py +++ b/tests/integrationv2/providers.py @@ -66,22 +66,22 @@ def setup_server(self): raise NotImplementedError @classmethod - def get_send_marker(cls): + def get_send_marker(self): """ This should be the last message printed before the client/server can send data. """ return None @classmethod - def supports_protocol(cls, protocol, with_cert=None): + def supports_protocol(self, protocol, with_cert=None): raise NotImplementedError @classmethod - def supports_cipher(cls, cipher, with_curve=None): + def supports_cipher(self, cipher, with_curve=None): raise NotImplementedError @classmethod - def supports_signature(cls, signature): + def supports_signature(self, signature): return True def get_cmd_line(self): diff --git a/tests/integrationv2/test_buffered_send.py b/tests/integrationv2/test_buffered_send.py index 4cf10751dc5..9abc2544687 100644 --- a/tests/integrationv2/test_buffered_send.py +++ b/tests/integrationv2/test_buffered_send.py 
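Review bot: In the `providers.py` hunk the first parameter of the four `@classmethod`s (`get_send_marker`, `supports_protocol`, `supports_cipher`, `supports_signature`) is renamed from `cls` to `self`, which is the reverse of the convention: a classmethod receives the class, and PEP 8 names that argument `cls`. Static analysers flag this naming, so the rename is more likely to add alerts than to clear them. The signatures should stay as `def get_send_marker(cls):`, `def supports_protocol(cls, protocol, with_cert=None):` and so on. The enclosing class starts outside the hunk.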
@@ -1,8 +1,7 @@ import pytest -from configuration import available_ports, PROTOCOLS, ALL_TEST_CIPHERS, MINIMAL_TEST_CERTS, Certificates +from configuration import available_ports, PROTOCOLS, ALL_TEST_CIPHERS, MINIMAL_TEST_CERTS from common import ProviderOptions, data_bytes -from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, to_bytes, to_string diff --git a/tests/integrationv2/test_client_authentication.py b/tests/integrationv2/test_client_authentication.py index 0169ea20c25..e9db6dcdc3c 100644 --- a/tests/integrationv2/test_client_authentication.py +++ b/tests/integrationv2/test_client_authentication.py @@ -1,12 +1,8 @@ import copy -import os import pytest -import time -from configuration import (available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, - ALL_TEST_CERTS, PROTOCOLS) +from configuration import (available_ports, ALL_TEST_CIPHERS, PROTOCOLS) from common import Certificates, ProviderOptions, Protocols, data_bytes -from fixtures import managed_process from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_cross_compatibility.py b/tests/integrationv2/test_cross_compatibility.py index f0b2fe4d2ec..c985abf12f9 100644 --- a/tests/integrationv2/test_cross_compatibility.py +++ b/tests/integrationv2/test_cross_compatibility.py @@ -2,9 +2,8 @@ import copy import os -from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS +from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes -from fixtures import managed_process from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes 
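Review bot: Removing `from fixtures import managed_process` from `test_buffered_send.py` breaks fixture lookup: pytest resolves a test's `managed_process` argument by name from the test module or a `conftest.py`, and the visible part of `conftest.py` in this patch imports nothing from `fixtures`. The import only looks unused to a static analyser, which is why the old line carried `# lgtm [py/unused-import]`. The same removal is made in the other `tests/integrationv2/test_*.py` hunks of this patch (test_client_authentication.py, test_cross_compatibility.py, test_dynamic_record_sizes.py, which also drops `custom_mtu`, and the files after them). Keep the line in each module, or import the fixtures once in `tests/integrationv2/conftest.py` so that no per-module import is needed.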
diff --git a/tests/integrationv2/test_dynamic_record_sizes.py b/tests/integrationv2/test_dynamic_record_sizes.py index e283208ee46..18f422028ff 100644 --- a/tests/integrationv2/test_dynamic_record_sizes.py +++ b/tests/integrationv2/test_dynamic_record_sizes.py @@ -1,12 +1,8 @@ import copy -import os import pytest -import subprocess -import time -from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROVIDERS, PROTOCOLS -from common import ProviderOptions, data_bytes, Protocols -from fixtures import managed_process, custom_mtu +from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS +from common import ProviderOptions, data_bytes from providers import Provider, S2N, OpenSSL, Tcpdump from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_early_data.py b/tests/integrationv2/test_early_data.py index 2bac1931881..0f9f7a90cdd 100644 --- a/tests/integrationv2/test_early_data.py +++ b/tests/integrationv2/test_early_data.py @@ -1,13 +1,9 @@ import copy import os import pytest -import time -from enum import Enum -from collections import namedtuple -from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS, TLS13_CIPHERS +from configuration import available_ports, ALL_TEST_CURVES, ALL_TEST_CERTS, TLS13_CIPHERS from common import ProviderOptions, Protocols, Curves, data_bytes -from fixtures import managed_process from providers import Provider, S2N as S2NBase, OpenSSL as OpenSSLBase from utils import invalid_test_parameters, get_parameter_name, to_bytes 
@@ -338,7 +334,6 @@ def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher, other_provider, early_data_size): ticket_file = str(tmp_path / TICKET_FILE) early_data_file = str(tmp_path / EARLY_DATA_FILE) - early_data = get_early_data_bytes(early_data_file, early_data_size) options = ProviderOptions( port=next(available_ports), diff --git a/tests/integrationv2/test_external_psk.py b/tests/integrationv2/test_external_psk.py index b67114acaa3..01c191717a5 100644 --- a/tests/integrationv2/test_external_psk.py +++ b/tests/integrationv2/test_external_psk.py @@ -1,10 +1,8 @@ -import copy import pytest from configuration import available_ports, TLS13_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes -from fixtures import managed_process -from providers import Provider, S2N, OpenSSL +from providers import S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes from enum import Enum, auto diff --git a/tests/integrationv2/test_fragmentation.py b/tests/integrationv2/test_fragmentation.py index d34f9095cc6..e3953d7caef 100644 --- a/tests/integrationv2/test_fragmentation.py +++ b/tests/integrationv2/test_fragmentation.py @@ -3,7 +3,6 @@ from configuration import available_ports, PROTOCOLS from common import ProviderOptions, Ciphers, Certificates, data_bytes -from fixtures import managed_process from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_happy_path.py b/tests/integrationv2/test_happy_path.py index 9de21eb8dff..f03ec48857f 100644 --- a/tests/integrationv2/test_happy_path.py +++ b/tests/integrationv2/test_happy_path.py 
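Review bot: The line deleted from `test_s2n_server_with_early_data_rejected` was a call, `get_early_data_bytes(early_data_file, early_data_size)`, not just an unused assignment. The helper takes a file path and a size, so it presumably creates or fills `early_data_file`; its body is not on this page, so that needs confirming before the call is dropped. If it does write the file, keep the call and discard the result, `get_early_data_bytes(early_data_file, early_data_size)`, so the test still has its input. The function body continues outside the hunk.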
@@ -1,9 +1,8 @@ import copy import pytest -from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROVIDERS, PROTOCOLS -from common import ProviderOptions, Protocols, data_bytes -from fixtures import managed_process +from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS +from common import ProviderOptions, data_bytes from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_hello_retry_requests.py b/tests/integrationv2/test_hello_retry_requests.py index 600848eeb12..2d7a90541e3 100644 --- a/tests/integrationv2/test_hello_retry_requests.py +++ b/tests/integrationv2/test_hello_retry_requests.py @@ -1,12 +1,9 @@ import copy -import os import pytest import re -import time from configuration import available_ports, TLS13_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes, Curves -from fixtures import managed_process from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/test_key_update.py b/tests/integrationv2/test_key_update.py index 3ad40b33461..3c778e5c59b 100644 --- a/tests/integrationv2/test_key_update.py +++ b/tests/integrationv2/test_key_update.py @@ -2,11 +2,9 @@ import pytest from configuration import available_ports, TLS13_CIPHERS -from common import ProviderOptions, Protocols, data_bytes, Ciphers -from fixtures import managed_process +from common import ProviderOptions, Protocols, data_bytes from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name -from global_flags import get_flag, S2N_PROVIDER_VERSION def test_nothing(): diff --git a/tests/integrationv2/test_npn.py b/tests/integrationv2/test_npn.py index 97dba412d54..a2bf43e861d 100644 
--- a/tests/integrationv2/test_npn.py +++ b/tests/integrationv2/test_npn.py @@ -3,7 +3,6 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, MINIMAL_TEST_CERTS, PROTOCOLS from common import ProviderOptions, Protocols -from fixtures import managed_process from providers import OpenSSL, S2N, Provider from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/test_ocsp.py b/tests/integrationv2/test_ocsp.py index fe9b1894327..5b2972ff38a 100644 --- a/tests/integrationv2/test_ocsp.py +++ b/tests/integrationv2/test_ocsp.py @@ -1,10 +1,9 @@ import pytest from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, PROTOCOLS -from common import ProviderOptions, Protocols, data_bytes, Certificates -from fixtures import managed_process +from common import ProviderOptions, data_bytes, Certificates from constants import TEST_OCSP_DIRECTORY -from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS +from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name from global_flags import get_flag, S2N_PROVIDER_VERSION diff --git a/tests/integrationv2/test_pq_handshake.py b/tests/integrationv2/test_pq_handshake.py index aa0668823b1..749e742dbea 100644 --- a/tests/integrationv2/test_pq_handshake.py +++ b/tests/integrationv2/test_pq_handshake.py 
@@ -1,12 +1,11 @@ import pytest import os -from configuration import available_ports, PROVIDERS, PROTOCOLS -from common import Ciphers, ProviderOptions, Protocols, data_bytes, KemGroups, Certificates, pq_enabled -from fixtures import managed_process +from configuration import available_ports +from common import Ciphers, ProviderOptions, Protocols, KemGroups, Certificates, pq_enabled from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes -from global_flags import get_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE +from global_flags import get_flag, S2N_PROVIDER_VERSION CIPHERS = [ None, # `None` will default to the appropriate `test_all` cipher preference in the S2N client provider diff --git a/tests/integrationv2/test_renegotiate.py b/tests/integrationv2/test_renegotiate.py index b970d1a6af2..d78ed54d858 100644 --- a/tests/integrationv2/test_renegotiate.py +++ b/tests/integrationv2/test_renegotiate.py @@ -3,8 +3,7 @@ import random from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, MINIMAL_TEST_CERTS, PROTOCOLS -from common import ProviderOptions, Protocols, Curves -from fixtures import managed_process +from common import ProviderOptions, Protocols from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name diff --git a/tests/integrationv2/test_renegotiate_apache.py b/tests/integrationv2/test_renegotiate_apache.py index 4f3b231cf53..a9551e7ccbf 100644 --- a/tests/integrationv2/test_renegotiate_apache.py +++ b/tests/integrationv2/test_renegotiate_apache.py @@ -3,7 +3,6 @@ from configuration import ALL_TEST_CURVES from common import ProviderOptions -from fixtures import managed_process from providers import Provider, S2N from utils import invalid_test_parameters, get_parameter_name from constants import TEST_CERT_DIRECTORY 
diff --git a/tests/integrationv2/test_session_resumption.py b/tests/integrationv2/test_session_resumption.py index 9e32250cfcc..bb6b107fce2 100644 --- a/tests/integrationv2/test_session_resumption.py +++ b/tests/integrationv2/test_session_resumption.py @@ -1,11 +1,9 @@ import copy import os import pytest -import time from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS, TLS13_CIPHERS from common import ProviderOptions, Protocols, data_bytes -from fixtures import managed_process from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_signature_algorithms.py b/tests/integrationv2/test_signature_algorithms.py index 219eb58ffd1..1f00bdccd3c 100644 --- a/tests/integrationv2/test_signature_algorithms.py +++ b/tests/integrationv2/test_signature_algorithms.py @@ -1,9 +1,8 @@ import copy import pytest -from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS -from common import ProviderOptions, Protocols, Ciphers, Certificates, Signatures, data_bytes -from fixtures import managed_process +from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CERTS +from common import ProviderOptions, Protocols, Certificates, Signatures, data_bytes from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_sni_match.py b/tests/integrationv2/test_sni_match.py index c4eb7a6386f..e9edb69d000 100644 --- a/tests/integrationv2/test_sni_match.py +++ b/tests/integrationv2/test_sni_match.py 
@@ -1,9 +1,7 @@ -import copy import pytest -from configuration import available_ports, MULTI_CERT_TEST_CASES, PROVIDERS, PROTOCOLS -from common import ProviderOptions, Protocols, data_bytes -from fixtures import managed_process +from configuration import available_ports, MULTI_CERT_TEST_CASES +from common import ProviderOptions, Protocols from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_sslyze.py b/tests/integrationv2/test_sslyze.py index e881e818bd3..618612a5e50 100644 --- a/tests/integrationv2/test_sslyze.py +++ b/tests/integrationv2/test_sslyze.py @@ -3,12 +3,11 @@ import abc from enum import Enum, auto -from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CERTS -from common import ProviderOptions, Protocols, Cipher, Ciphers, Certificates, Curves -from fixtures import managed_process +from configuration import available_ports, ALL_TEST_CERTS +from common import ProviderOptions, Protocols, Cipher, Ciphers, Curves from providers import S2N from utils import get_parameter_name, invalid_test_parameters -from global_flags import get_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE +from global_flags import get_flag, S2N_PROVIDER_VERSION HOST = "127.0.0.1" diff --git a/tests/integrationv2/test_version_negotiation.py b/tests/integrationv2/test_version_negotiation.py index 769f9523cc3..978cbd5ded7 100644 --- a/tests/integrationv2/test_version_negotiation.py +++ b/tests/integrationv2/test_version_negotiation.py @@ -3,7 +3,6 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes -from fixtures import managed_process from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, get_expected_openssl_version, \ to_bytes, get_expected_gnutls_version 
diff --git a/tests/integrationv2/test_well_known_endpoints.py b/tests/integrationv2/test_well_known_endpoints.py index 8f22d419945..22e71ddeb40 100644 --- a/tests/integrationv2/test_well_known_endpoints.py +++ b/tests/integrationv2/test_well_known_endpoints.py @@ -1,9 +1,8 @@ import pytest from constants import TRUST_STORE_BUNDLE -from configuration import available_ports, PROTOCOLS -from common import ProviderOptions, Protocols, Ciphers, pq_enabled -from fixtures import managed_process +from configuration import PROTOCOLS +from common import ProviderOptions, Ciphers, pq_enabled from global_flags import get_flag, S2N_FIPS_MODE from providers import Provider, S2N from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/utils.py b/tests/integrationv2/utils.py index 35959951e3d..44b270b25cf 100644 --- a/tests/integrationv2/utils.py +++ b/tests/integrationv2/utils.py @@ -1,6 +1,6 @@ -from common import Protocols, Curves, Ciphers -from providers import S2N, OpenSSL -from global_flags import get_flag, S2N_FIPS_MODE, S2N_PROVIDER_VERSION +from common import Protocols +from providers import S2N +from global_flags import get_flag, S2N_FIPS_MODE def to_bytes(val): diff --git a/tests/sidetrail/bin/bpl_trace_to_c.py b/tests/sidetrail/bin/bpl_trace_to_c.py index 6524ab28076..e730ec1a7df 100755 --- a/tests/sidetrail/bin/bpl_trace_to_c.py +++ b/tests/sidetrail/bin/bpl_trace_to_c.py @@ -2,7 +2,6 @@ import sys import re -from pprint import pprint args = sys.argv[1:] assert len(args) == 2, "usage is " From 0c532dd1f1a5879f28d0b81e7c3f5eb6f6b013a5 Mon Sep 17 00:00:00 2001 
From: Frank Lee <29711666+franklee26@users.noreply.github.com> Date: Fri, 18 Nov 2022 20:14:23 +0000 Subject: [PATCH 09/13] another batch + bringing back fixture --- scripts/s2n_safety_macros.py | 5 ++--- tests/integrationv2/providers.py | 10 +++++----- tests/integrationv2/test_buffered_send.py | 1 + tests/integrationv2/test_client_authentication.py | 1 + tests/integrationv2/test_cross_compatibility.py | 1 + tests/integrationv2/test_dynamic_record_sizes.py | 1 + tests/integrationv2/test_early_data.py | 1 + tests/integrationv2/test_external_psk.py | 1 + tests/integrationv2/test_fragmentation.py | 1 + tests/integrationv2/test_happy_path.py | 1 + tests/integrationv2/test_hello_retry_requests.py | 1 + tests/integrationv2/test_key_update.py | 1 + tests/integrationv2/test_npn.py | 1 + tests/integrationv2/test_ocsp.py | 1 + tests/integrationv2/test_pq_handshake.py | 1 + tests/integrationv2/test_renegotiate.py | 1 + tests/integrationv2/test_renegotiate_apache.py | 1 + tests/integrationv2/test_session_resumption.py | 1 + tests/integrationv2/test_signature_algorithms.py | 1 + tests/integrationv2/test_sni_match.py | 1 + tests/integrationv2/test_sslyze.py | 1 + tests/integrationv2/test_version_negotiation.py | 1 + tests/integrationv2/test_well_known_endpoints.py | 1 + 23 files changed, 28 insertions(+), 8 deletions(-) diff --git a/scripts/s2n_safety_macros.py b/scripts/s2n_safety_macros.py index b557ed17a20..ba54fa21705 100644 --- a/scripts/s2n_safety_macros.py +++ b/scripts/s2n_safety_macros.py @@ -737,9 +737,8 @@ def cleanup(contents): def write(f, contents): contents = cleanup(contents) - header_file = open(f, "w") - header_file.write(contents) - header_file.close() + with open(f, "w") as header_file: + header_file.write(contents) write("utils/s2n_safety_macros.h", header) diff --git a/tests/integrationv2/providers.py b/tests/integrationv2/providers.py index 47fa17d426b..dd87421a446 100644 --- a/tests/integrationv2/providers.py +++ b/tests/integrationv2/providers.py 
@@ -1,7 +1,7 @@ import pytest import threading -from common import ProviderOptions, Ciphers, Curves, Protocols, Certificates, Signatures +from common import ProviderOptions, Ciphers, Curves, Protocols, Signatures from global_flags import get_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE @@ -66,22 +66,22 @@ def setup_server(self): raise NotImplementedError @classmethod - def get_send_marker(self): + def get_send_marker(cls): """ This should be the last message printed before the client/server can send data. """ return None @classmethod - def supports_protocol(self, protocol, with_cert=None): + def supports_protocol(cls, protocol, with_cert=None): raise NotImplementedError @classmethod - def supports_cipher(self, cipher, with_curve=None): + def supports_cipher(cls, cipher, with_curve=None): raise NotImplementedError @classmethod - def supports_signature(self, signature): + def supports_signature(cls, signature): return True def get_cmd_line(self): diff --git a/tests/integrationv2/test_buffered_send.py b/tests/integrationv2/test_buffered_send.py index 9abc2544687..fe4a300f84b 100644 --- a/tests/integrationv2/test_buffered_send.py +++ b/tests/integrationv2/test_buffered_send.py @@ -2,6 +2,7 @@ from configuration import available_ports, PROTOCOLS, ALL_TEST_CIPHERS, MINIMAL_TEST_CERTS from common import ProviderOptions, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, to_bytes, to_string diff --git a/tests/integrationv2/test_client_authentication.py b/tests/integrationv2/test_client_authentication.py index e9db6dcdc3c..f19d94cb8b7 100644 --- a/tests/integrationv2/test_client_authentication.py +++ b/tests/integrationv2/test_client_authentication.py 
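Review bot: The `# lgtm [py/unused-import]` marker on the added `from fixtures import managed_process` line in `test_buffered_send.py` is LGTM.com suppression syntax, while this series moves scanning to the CodeQL workflow. As far as I know, GitHub code scanning does not dismiss alerts from inline comments on its own, so it is worth confirming in the scan results that the alert actually goes away. The same line is added to the other `test_*.py` files in this commit. The marker also does not say why the import is needed: pytest resolves the `managed_process` fixture by name, which is presumably why the previous commit's removal had to be reverted. A comment such as `# imported so pytest can resolve the managed_process fixture` would help, as would registering the fixture in a `conftest.py`, to keep the next unused-import cleanup from deleting it again.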
@@ -3,6 +3,7 @@ from configuration import (available_ports, ALL_TEST_CIPHERS, PROTOCOLS) from common import Certificates, ProviderOptions, Protocols, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_cross_compatibility.py b/tests/integrationv2/test_cross_compatibility.py index c985abf12f9..c0d9b8f1ddf 100644 --- a/tests/integrationv2/test_cross_compatibility.py +++ b/tests/integrationv2/test_cross_compatibility.py @@ -4,6 +4,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/test_dynamic_record_sizes.py b/tests/integrationv2/test_dynamic_record_sizes.py index 18f422028ff..76e02f67451 100644 --- a/tests/integrationv2/test_dynamic_record_sizes.py +++ b/tests/integrationv2/test_dynamic_record_sizes.py @@ -3,6 +3,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS from common import ProviderOptions, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, Tcpdump from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_early_data.py b/tests/integrationv2/test_early_data.py index 0f9f7a90cdd..9caebfb8d9c 100644 --- a/tests/integrationv2/test_early_data.py +++ b/tests/integrationv2/test_early_data.py 
@@ -4,6 +4,7 @@ from configuration import available_ports, ALL_TEST_CURVES, ALL_TEST_CERTS, TLS13_CIPHERS from common import ProviderOptions, Protocols, Curves, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N as S2NBase, OpenSSL as OpenSSLBase from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/test_external_psk.py b/tests/integrationv2/test_external_psk.py index 01c191717a5..809a2b49305 100644 --- a/tests/integrationv2/test_external_psk.py +++ b/tests/integrationv2/test_external_psk.py @@ -2,6 +2,7 @@ from configuration import available_ports, TLS13_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes from enum import Enum, auto diff --git a/tests/integrationv2/test_fragmentation.py b/tests/integrationv2/test_fragmentation.py index e3953d7caef..5da6b7c6376 100644 --- a/tests/integrationv2/test_fragmentation.py +++ b/tests/integrationv2/test_fragmentation.py @@ -3,6 +3,7 @@ from configuration import available_ports, PROTOCOLS from common import ProviderOptions, Ciphers, Certificates, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_happy_path.py b/tests/integrationv2/test_happy_path.py index f03ec48857f..c823999a550 100644 --- a/tests/integrationv2/test_happy_path.py +++ b/tests/integrationv2/test_happy_path.py 
@@ -3,6 +3,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS from common import ProviderOptions, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_hello_retry_requests.py b/tests/integrationv2/test_hello_retry_requests.py index 2d7a90541e3..952d86ac332 100644 --- a/tests/integrationv2/test_hello_retry_requests.py +++ b/tests/integrationv2/test_hello_retry_requests.py @@ -4,6 +4,7 @@ from configuration import available_ports, TLS13_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes, Curves +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/test_key_update.py b/tests/integrationv2/test_key_update.py index 3c778e5c59b..d2aa319f161 100644 --- a/tests/integrationv2/test_key_update.py +++ b/tests/integrationv2/test_key_update.py @@ -3,6 +3,7 @@ from configuration import available_ports, TLS13_CIPHERS from common import ProviderOptions, Protocols, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name diff --git a/tests/integrationv2/test_npn.py b/tests/integrationv2/test_npn.py index a2bf43e861d..fcfab2f61f2 100644 --- a/tests/integrationv2/test_npn.py +++ b/tests/integrationv2/test_npn.py 
@@ -3,6 +3,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, MINIMAL_TEST_CERTS, PROTOCOLS from common import ProviderOptions, Protocols +from fixtures import managed_process # lgtm [py/unused-import] from providers import OpenSSL, S2N, Provider from utils import invalid_test_parameters, get_parameter_name, to_bytes diff --git a/tests/integrationv2/test_ocsp.py b/tests/integrationv2/test_ocsp.py index 5b2972ff38a..9161828543b 100644 --- a/tests/integrationv2/test_ocsp.py +++ b/tests/integrationv2/test_ocsp.py @@ -2,6 +2,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, PROTOCOLS from common import ProviderOptions, data_bytes, Certificates +from fixtures import managed_process # lgtm [py/unused-import] from constants import TEST_OCSP_DIRECTORY from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name diff --git a/tests/integrationv2/test_pq_handshake.py b/tests/integrationv2/test_pq_handshake.py index 749e742dbea..0df38b46646 100644 --- a/tests/integrationv2/test_pq_handshake.py +++ b/tests/integrationv2/test_pq_handshake.py @@ -3,6 +3,7 @@ from configuration import available_ports from common import Ciphers, ProviderOptions, Protocols, KemGroups, Certificates, pq_enabled +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, to_bytes from global_flags import get_flag, S2N_PROVIDER_VERSION diff --git a/tests/integrationv2/test_renegotiate.py b/tests/integrationv2/test_renegotiate.py index d78ed54d858..83afdf869d9 100644 --- a/tests/integrationv2/test_renegotiate.py +++ b/tests/integrationv2/test_renegotiate.py 
@@ -4,6 +4,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, MINIMAL_TEST_CERTS, PROTOCOLS from common import ProviderOptions, Protocols +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name diff --git a/tests/integrationv2/test_renegotiate_apache.py b/tests/integrationv2/test_renegotiate_apache.py index a9551e7ccbf..e440005fd54 100644 --- a/tests/integrationv2/test_renegotiate_apache.py +++ b/tests/integrationv2/test_renegotiate_apache.py @@ -3,6 +3,7 @@ from configuration import ALL_TEST_CURVES from common import ProviderOptions +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N from utils import invalid_test_parameters, get_parameter_name from constants import TEST_CERT_DIRECTORY diff --git a/tests/integrationv2/test_session_resumption.py b/tests/integrationv2/test_session_resumption.py index bb6b107fce2..fda8e334b82 100644 --- a/tests/integrationv2/test_session_resumption.py +++ b/tests/integrationv2/test_session_resumption.py @@ -4,6 +4,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS, TLS13_CIPHERS from common import ProviderOptions, Protocols, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_signature_algorithms.py b/tests/integrationv2/test_signature_algorithms.py index 1f00bdccd3c..11a974f7774 100644 --- a/tests/integrationv2/test_signature_algorithms.py +++ b/tests/integrationv2/test_signature_algorithms.py 
@@ -3,6 +3,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CERTS from common import ProviderOptions, Protocols, Certificates, Signatures, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_sni_match.py b/tests/integrationv2/test_sni_match.py index e9edb69d000..c161cb0fc5a 100644 --- a/tests/integrationv2/test_sni_match.py +++ b/tests/integrationv2/test_sni_match.py @@ -2,6 +2,7 @@ from configuration import available_ports, MULTI_CERT_TEST_CASES from common import ProviderOptions, Protocols +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_sslyze.py b/tests/integrationv2/test_sslyze.py index 618612a5e50..99ba33a9ee7 100644 --- a/tests/integrationv2/test_sslyze.py +++ b/tests/integrationv2/test_sslyze.py @@ -5,6 +5,7 @@ from configuration import available_ports, ALL_TEST_CERTS from common import ProviderOptions, Protocols, Cipher, Ciphers, Curves +from fixtures import managed_process # lgtm [py/unused-import] from providers import S2N from utils import get_parameter_name, invalid_test_parameters from global_flags import get_flag, S2N_PROVIDER_VERSION diff --git a/tests/integrationv2/test_version_negotiation.py b/tests/integrationv2/test_version_negotiation.py index 978cbd5ded7..0eac79d8612 100644 --- a/tests/integrationv2/test_version_negotiation.py +++ b/tests/integrationv2/test_version_negotiation.py 
@@ -3,6 +3,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS from common import ProviderOptions, Protocols, data_bytes +from fixtures import managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, GnuTLS from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, get_expected_openssl_version, \ to_bytes, get_expected_gnutls_version diff --git a/tests/integrationv2/test_well_known_endpoints.py b/tests/integrationv2/test_well_known_endpoints.py index 22e71ddeb40..90dadf72f2f 100644 --- a/tests/integrationv2/test_well_known_endpoints.py +++ b/tests/integrationv2/test_well_known_endpoints.py @@ -3,6 +3,7 @@ from constants import TRUST_STORE_BUNDLE from configuration import PROTOCOLS from common import ProviderOptions, Ciphers, pq_enabled +from fixtures import managed_process # lgtm [py/unused-import] from global_flags import get_flag, S2N_FIPS_MODE from providers import Provider, S2N from utils import invalid_test_parameters, get_parameter_name, to_bytes From 25a4cea22425e3d3918f0cd91999e60fd7e8f4b6 Mon Sep 17 00:00:00 2001 From: Frank Lee <29711666+franklee26@users.noreply.github.com> Date: Fri, 18 Nov 2022 20:42:22 +0000 Subject: [PATCH 10/13] fix regex alert --- tests/integrationv2/test_dynamic_record_sizes.py | 2 +- tests/integrationv2/test_hello_retry_requests.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integrationv2/test_dynamic_record_sizes.py b/tests/integrationv2/test_dynamic_record_sizes.py index 76e02f67451..374359709a2 100644 --- a/tests/integrationv2/test_dynamic_record_sizes.py +++ b/tests/integrationv2/test_dynamic_record_sizes.py 
@@ -3,7 +3,7 @@ from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS from common import ProviderOptions, data_bytes -from fixtures import managed_process # lgtm [py/unused-import] +from fixtures import custom_mtu, managed_process # lgtm [py/unused-import] from providers import Provider, S2N, OpenSSL, Tcpdump from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes diff --git a/tests/integrationv2/test_hello_retry_requests.py b/tests/integrationv2/test_hello_retry_requests.py index 952d86ac332..8a9a740f18e 100644 --- a/tests/integrationv2/test_hello_retry_requests.py +++ b/tests/integrationv2/test_hello_retry_requests.py @@ -78,7 +78,7 @@ def test_hrr_with_s2n_as_client(managed_process, cipher, provider, other_provide results.assert_success() assert marker_part1 in results.stdout and marker_part2 in results.stdout # The "test_all" s2n security policy includes draft Hybrid PQ groups that Openssl server prints as hex values - assert re.search(b'Supported Elliptic Groups: [0x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None + assert re.search(b'Supported Elliptic Groups: [x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None assert to_bytes("Shared Elliptic groups: {}".format( server_options.curve)) in results.stdout assert random_bytes in results.stdout 
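Review bot: In `test_hrr_with_s2n_as_client`, the character class `[x0-9A-F:]*` still accepts any mix of those characters, so the assertion does not check what the comment above it describes, which is a list of hex-printed group ids in front of `X25519:P-256:P-384`. If the OpenSSL output really is `0x` plus uppercase hex digits followed by a colon (not verifiable from this hunk), `(?:0x[0-9A-F]+:)*` states that directly and avoids the kind of class the scanner flagged. The same line is changed in the `test_hrr_with_default_keyshare` hunk and would need the same edit. Both test functions start and end outside their hunks.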
@@ -194,7 +194,7 @@ def test_hrr_with_default_keyshare(managed_process, cipher, provider, other_prov results.assert_success() assert marker_part1 in results.stdout and marker_part2 in results.stdout # The "test_all" s2n security policy includes draft Hybrid PQ groups that Openssl server prints as hex values - assert re.search(b'Supported Elliptic Groups: [0x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None + assert re.search(b'Supported Elliptic Groups: [x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None assert to_bytes("Shared Elliptic groups: {}".format( server_options.curve)) in results.stdout assert random_bytes in results.stdout From 1049fbfa23e1290106b35e1c99ad3035cf4189b4 Mon Sep 17 00:00:00 2001 From: Frank Lee <29711666+franklee26@users.noreply.github.com> Date: Fri, 18 Nov 2022 22:13:18 +0000 Subject: [PATCH 11/13] remove redundant early data var --- tests/integrationv2/test_early_data.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integrationv2/test_early_data.py b/tests/integrationv2/test_early_data.py index 9caebfb8d9c..f4400e5fd20 100644 --- a/tests/integrationv2/test_early_data.py +++ b/tests/integrationv2/test_early_data.py @@ -335,6 +335,7 @@ def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher, other_provider, early_data_size): ticket_file = str(tmp_path / TICKET_FILE) early_data_file = str(tmp_path / EARLY_DATA_FILE) + get_early_data_bytes(early_data_file, early_data_size) options = ProviderOptions( port=next(available_ports), From fabadb432d45caf2ae702a52cb627475b8fd4499 Mon Sep 17 00:00:00 2001 From: Frank Lee <29711666+franklee26@users.noreply.github.com> Date: Mon, 21 Nov 2022 21:03:20 +0000 Subject: [PATCH 12/13] abstract class suppressions --- tests/integrationv2/providers.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/integrationv2/providers.py b/tests/integrationv2/providers.py index dd87421a446..ec862147b6b 100644 
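Review bot: In `test_s2n_server_with_early_data_rejected`, the added `get_early_data_bytes(early_data_file, early_data_size)` call discards its result, so with a getter-style name it reads like dead code. Presumably it is kept because it writes `early_data_file` for the providers to read, but that helper is not visible in this hunk. A comment such as `# called for its side effect of writing early_data_file; the returned bytes are not needed here` would stop a later unused-code cleanup from removing the call. The function body continues past the end of the hunk.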
--- a/tests/integrationv2/providers.py +++ b/tests/integrationv2/providers.py @@ -47,9 +47,9 @@ def __init__(self, options: ProviderOptions): self.options = options if self.options.mode == Provider.ServerMode: - self.cmd_line = self.setup_server() + self.cmd_line = self.setup_server() # lgtm [py/init-calls-subclass] elif self.options.mode == Provider.ClientMode: - self.cmd_line = self.setup_client() + self.cmd_line = self.setup_client() # lgtm [py/init-calls-subclass] def setup_client(self): """ @@ -141,7 +141,7 @@ class S2N(Provider): def __init__(self, options: ProviderOptions): Provider.__init__(self, options) - self.send_with_newline = True + self.send_with_newline = True # lgtm [py/overwritten-inherited-attribute] @classmethod def get_send_marker(cls): @@ -315,7 +315,7 @@ class OpenSSL(Provider): def __init__(self, options: ProviderOptions): Provider.__init__(self, options) # We print some OpenSSL logging that includes stderr - self.expect_stderr = True + self.expect_stderr = True # lgtm [py/overwritten-inherited-attribute] @classmethod def get_send_marker(cls): @@ -623,8 +623,8 @@ class GnuTLS(Provider): def __init__(self, options: ProviderOptions): Provider.__init__(self, options) - self.expect_stderr = True - self.send_with_newline = True + self.expect_stderr = True # lgtm [py/overwritten-inherited-attribute] + self.send_with_newline = True # lgtm [py/overwritten-inherited-attribute] @staticmethod def cipher_to_priority_str(cipher): From 1bbd659ae568d40b390b3b586d2ccaf0365d6585 Mon Sep 17 00:00:00 2001 From: Frank Lee <29711666+franklee26@users.noreply.github.com> Date: Wed, 30 Nov 2022 17:33:08 +0000 Subject: [PATCH 13/13] add new line --- .github/codeql-config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml index a2fd22db6cf..ed1719dbf6e 100644 --- a/.github/codeql-config.yml +++ b/.github/codeql-config.yml 
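Review bot: The `# lgtm [py/init-calls-subclass]` suppressions in `Provider.__init__` silence the alert without recording the ordering constraint behind it. `setup_server()` and `setup_client()` run inside `Provider.__init__`, and the later hunks show `S2N`, `OpenSSL` and `GnuTLS` assigning `send_with_newline` and `expect_stderr` only after `Provider.__init__(self, options)` returns. An override that reads one of those attributes would therefore see whatever the base constructor set, and that part of the constructor is outside the hunk. I would add a comment next to the suppression, e.g. `# setup_*() runs before the subclass __init__ body; overrides must not read attributes the subclass sets afterwards`. The `py/overwritten-inherited-attribute` markers in the three subclass constructors could carry a matching one-line reason.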
@@ -1,4 +1,4 @@ name: "S2N CodeQL Config" paths-ignore: - - tests/integration \ No newline at end of file + - tests/integration