Add CodeQL workflow for GitHub code scanning #3601

Merged: 21 commits, Dec 3, 2022
4 changes: 4 additions & 0 deletions .github/codeql-config.yml
@@ -0,0 +1,4 @@
name: "S2N CodeQL Config"

paths-ignore:
- tests/integration
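Review bot: `paths-ignore: - tests/integration` does not cover `tests/integrationv2`, and the rest of this PR annotates `tests/integrationv2/*.py` with `# lgtm [...]` comments, so those files are clearly in scope; confirm that is intended rather than an oversight of the `v2` directory. Note also that the two ignore mechanisms differ: this file's `paths-ignore` controls which files CodeQL extracts and reports on, while the `paths-ignore` under `on:` in the workflow only decides whether a push or PR triggers the job at all.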
48 changes: 48 additions & 0 deletions .github/workflows/codeql.yml
@@ -0,0 +1,48 @@
name: "CodeQL - Python"

on:
push:
branches: [ "main" ]
paths-ignore:
- '**/tests/integration/*'
pull_request:
branches: [ "main" ]
paths-ignore:
- '**/tests/integration/*'
schedule:
- cron: "1 18 * * 0"

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
# Disabling c analysis (for now) as this takes ~2 hours to complete
language: [ python ]

steps:
- name: Checkout
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: +security-and-quality
@harrisonkaiser (Contributor), Nov 11, 2022:

The output below shows where the bulk (a little over 2 hours out of 2 and a half) of the time is being spent:

2022-11-10T23:37:10.4552437Z [133/163 eval 4.2s] Evaluation done; writing results to codeql/cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.bqrs.
2022-11-11T01:33:04.5614247Z [134/163 eval 116m25s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-807/TaintedCondition.bqrs.
2022-11-11T01:33:04.5627544Z [135/163 eval 116m29s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-611/XXE.bqrs.
2022-11-11T01:33:04.5641945Z [136/163 eval 116m32s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-497/ExposedSystemData.bqrs.
2022-11-11T01:33:04.5647568Z [137/163 eval 117m21s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-311/CleartextBufferWrite.bqrs.
2022-11-11T01:33:04.5660325Z [138/163 eval 118m40s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-290/AuthenticationBypass.bqrs.
2022-11-11T01:33:04.5665385Z [139/163 eval 119m3s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-190/TaintedAllocationSize.bqrs.
2022-11-11T01:33:04.5666226Z [140/163 eval 117m21s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-295/SSLResultNotChecked.bqrs.
2022-11-11T01:33:04.5667010Z [141/163 eval 119m17s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-190/ArithmeticUncontrolled.bqrs.
2022-11-11T01:33:04.5675300Z [142/163 eval 119m17s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.bqrs.
2022-11-11T01:33:04.5676246Z [143/163 eval 119m17s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-134/UncontrolledFormatString.bqrs.
2022-11-11T01:33:04.5680217Z [144/163 eval 121m44s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-120/UnboundedWrite.bqrs.
2022-11-11T01:33:04.5685386Z [145/163 eval 123m8s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-114/UncontrolledProcessOperation.bqrs.
2022-11-11T01:33:04.5694837Z [146/163 eval 123m8s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-089/SqlTainted.bqrs.
2022-11-11T01:33:04.5695551Z [147/163 eval 123m8s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-079/CgiXss.bqrs.
2022-11-11T01:33:04.5701766Z [148/163 eval 123m10s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-078/ExecTainted.bqrs.
2022-11-11T01:33:04.5712162Z [149/163 eval 123m23s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-022/TaintedPath.bqrs.
2022-11-11T01:33:04.5715935Z [150/163 eval 116m52s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-326/InsufficientKeySize.bqrs.
2022-11-11T01:33:04.5721408Z [151/163 eval 123m47s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/OO/UnsafeUseOfThis.bqrs.
2022-11-11T01:33:04.5726813Z [152/163 eval 124m31s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.bqrs.
2022-11-11T01:33:04.5735540Z [153/163 eval 123m48s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/Memory Management/UsingExpiredStackAddress.bqrs.
2022-11-11T01:33:04.5737839Z [154/163 eval 136m12s] Evaluation done; writing results to codeql/cpp-queries/Critical/MissingCheckScanf.bqrs.
2022-11-11T01:33:04.5742320Z [155/163 eval 116m22s] Evaluation done; writing results to codeql/cpp-queries/jsf/4.10 Classes/AV Rule 79.bqrs.
2022-11-11T01:33:04.5753832Z [156/163 eval 116m29s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.bqrs.
2022-11-11T01:33:04.5754816Z [157/163 eval 116m55s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-319/UseOfHttp.bqrs.
2022-11-11T01:33:04.5760300Z [158/163 eval 117m17s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-311/CleartextFileWrite.bqrs.
2022-11-11T01:33:04.5764214Z [159/163 eval 124m3s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.bqrs.
2022-11-11T01:33:04.5769561Z [160/163 eval 124m3s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.bqrs.
2022-11-11T01:33:04.5773073Z [161/163 eval 124m31s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/Memory Management/PointerOverflow.bqrs.
2022-11-11T01:33:04.5774023Z [162/163 eval 127m42s] Evaluation done; writing results to codeql/cpp-queries/Likely Bugs/Arithmetic/SignedOverflowCheck.bqrs.
2022-11-11T01:33:35.7868684Z [163/163 eval 117m3s] Evaluation done; writing results to codeql/cpp-queries/Security/CWE/CWE-497/PotentiallyExposedSystemData.bqrs.

Here is a list of the ids of the above long running evaluations to be considered for potential exclusion:

cpp/bad-strncpy-size
cpp/certificate-not-checked
cpp/cgi-xss
cpp/cleartext-storage-buffer
cpp/cleartext-storage-file
cpp/command-line-injection
cpp/external-entity-expansion
cpp/incorrect-allocation-error-handling
cpp/insufficient-key-size
cpp/missing-check-scanf
cpp/non-https-url
cpp/path-injection
cpp/pointer-overflow-check
cpp/potential-system-data-exposure
cpp/resource-not-released-in-destructor
cpp/return-stack-allocated-memory
cpp/signed-overflow-check
cpp/sql-injection
cpp/system-data-exposure
cpp/tainted-format-string
cpp/tainted-format-string-through-global
cpp/tainted-permissions-check
cpp/unbounded-write
cpp/uncontrolled-allocation-size
cpp/uncontrolled-arithmetic
cpp/uncontrolled-process-operation
cpp/unsafe-strncat
cpp/unsafe-use-of-this
cpp/user-controlled-bypass
cpp/using-expired-stack-address

Here is the mapping of ql files to ids:

./codeql/cpp/ql/src/Critical/MissingCheckScanf.ql:cpp/missing-check-scanf
./codeql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql:cpp/signed-overflow-check
./codeql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql:cpp/pointer-overflow-check
./codeql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql:cpp/return-stack-allocated-memory
./codeql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql:cpp/bad-strncpy-size
./codeql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql:cpp/unsafe-strncat
./codeql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql:cpp/using-expired-stack-address
./codeql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql:cpp/unsafe-use-of-this
./codeql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql:cpp/path-injection
./codeql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql:cpp/command-line-injection
./codeql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql:cpp/cgi-xss
./codeql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql:cpp/sql-injection
./codeql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql:cpp/uncontrolled-process-operation
./codeql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql:cpp/unbounded-write
./codeql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql:cpp/tainted-format-string
./codeql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql:cpp/tainted-format-string-through-global
./codeql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql:cpp/uncontrolled-arithmetic
./codeql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql:cpp/uncontrolled-allocation-size
./codeql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql:cpp/user-controlled-bypass
./codeql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql:cpp/certificate-not-checked
./codeql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql:cpp/cleartext-storage-buffer
./codeql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql:cpp/cleartext-storage-file
./codeql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql:cpp/non-https-url
./codeql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql:cpp/insufficient-key-size
./codeql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql:cpp/system-data-exposure
./codeql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql:cpp/potential-system-data-exposure
./codeql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql:cpp/incorrect-allocation-error-handling
./codeql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql:cpp/external-entity-expansion
./codeql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql:cpp/tainted-permissions-check
./codeql/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql:cpp/resource-not-released-in-destructor

They are all of kind path-problem or problem.

./codeql/cpp/ql/src/Critical/MissingCheckScanf.ql:problem
./codeql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql:problem
./codeql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql:problem
./codeql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql:path-problem
./codeql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql:problem
./codeql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql:problem
./codeql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql:path-problem
./codeql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql:problem
./codeql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql:problem
./codeql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql:path-problem
./codeql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql:path-problem
./codeql/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql:problem

@harrisonkaiser (Contributor), Nov 11, 2022:

This is the list of analyses that seemed to have taken the longest amount of time. We should review the wisdom of disabling them.

  • Does this suggested commit reduce the time taken by 2 hrs (to 30 minutes)?
  • Can we exclude only a subset of this list and achieve the same performance results?
  • Evaluate this list for things we should not exclude.
  • Look for other ways of reducing the run time.
  • Consider running more expensive checks on a schedule (as suggested by @goatgoose in a comment that appears to have been deleted).

@goatgoose (Contributor), Nov 11, 2022:

We could also potentially have separate configurations for pushes and PRs. The PR configuration could include the cheap checks, which are hopefully style-related stuff, and the push could check for everything else that we could add afterwards.

Contributor:

I agree. We can run the more expensive checks on a schedule.

Contributor:

Since this PR is (now?) focused on Python, it might make sense to move these comments to another issue where we can track what's needed for the C checks.

Contributor:

Yep, we're tracking this here: #3636. I'll move the notes over there.
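One way to realise the split proposed in this thread (cheap checks on every PR, expensive C checks on a schedule), given here as an added illustration and not as code from this PR or the s2n repository: a second, schedule-only workflow for C that reads its own CodeQL config file, with the two slowest queries from the log above removed via CodeQL's `query-filters`. The file names, the `cpp` language key, the `workflow_dispatch` trigger and the choice of which ids to exclude are assumptions; the query ids and their run times come from the comment above.

```yaml
# File 1 (hypothetical name): .github/workflows/codeql-c-scheduled.yml
# Runs only on the weekly schedule (or by hand), so PRs keep the fast
# Python-only workflow and never wait on the ~2 h C analysis.
name: "CodeQL - C (scheduled)"

on:
  schedule:
    - cron: "1 18 * * 0"   # same weekly slot as the Python workflow
  workflow_dispatch:        # manual run while triaging a finding

jobs:
  analyze:
    name: Analyze C
    runs-on: ubuntu-latest
    permissions:            # least privilege: only the SARIF upload needs write
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: cpp                         # CodeQL's key for C and C++
          queries: +security-and-quality
          config-file: ./.github/codeql-config-c.yml   # hypothetical file, below
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
        with:
          category: "/language:cpp"
---
# File 2 (hypothetical name): .github/codeql-config-c.yml
# Same path exclusion as the Python config, plus query-level exclusions.
name: "S2N CodeQL Config - C"

paths-ignore:
  - tests/integration

# Exclude the two queries that dominated the run in the log above
# (116m25s and 116m29s); extend with further ids from that list if the
# scheduled run is still too slow, after reviewing what each one detects.
query-filters:
  - exclude:
      id: cpp/tainted-permissions-check
  - exclude:
      id: cpp/external-entity-expansion
```

The two YAML documents are separated by `---` only so they fit in one listing; each would live in its own file. Excluding by id is deliberately narrow: it keeps the rest of `security-and-quality` active for C while the team decides, per query, whether a slow check is worth its cost.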

config-file: ./.github/codeql-config.yml

- name: Autobuild
uses: github/codeql-action/autobuild@v2
if: ${{ matrix.language == 'c' || matrix.language == 'python' }}

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{ matrix.language }}"
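Review bot: the third-party actions are pinned to floating major tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`); for a job granted `security-events: write`, pinning each `uses:` to a full commit SHA (with the tag in a trailing comment) is the usual supply-chain hardening so that a moved tag cannot change what runs. Two smaller points on the trigger: `**/tests/integration/*` matches only files directly under that directory (`*` does not cross `/`), so changes in nested subdirectories still trigger the job; and because `paths-ignore` sits under `pull_request`, a PR that touches only ignored paths produces no code-scanning result at all, which matters if this check is ever made required. Finally, with `language: [ python ]` the `if:` on the Autobuild step is always true; harmless, but it can be dropped until C is re-enabled.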
5 changes: 2 additions & 3 deletions scripts/s2n_safety_macros.py
Expand Up @@ -739,9 +739,8 @@ def cleanup(contents):

def write(f, contents):
contents = cleanup(contents)
header_file = open(f, "w")
header_file.write(contents)
header_file.close()
with open(f, "w") as header_file:
header_file.write(contents)

write("utils/s2n_safety_macros.h", header)
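Review bot: the `with open(f, "w") as header_file:` form closes the file on every path, including when `write()` raises, which is the fix the scanner asked for. While this line is being touched, consider `open(f, "w", encoding="utf-8")`: without an explicit encoding the generated `utils/s2n_safety_macros.h` depends on the locale of the machine running the script, which can make the generated header differ between developer and CI runs.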

1 change: 0 additions & 1 deletion tests/integrationv2/common.py
@@ -1,7 +1,6 @@
import os
import re
import subprocess
import string
import threading
import itertools

2 changes: 1 addition & 1 deletion tests/integrationv2/configuration.py
Expand Up @@ -2,7 +2,7 @@

from common import Certificates, Ciphers, Curves, Protocols, AvailablePorts
from constants import TEST_SNI_CERT_DIRECTORY
from providers import S2N, OpenSSL, BoringSSL, JavaSSL
from providers import S2N, OpenSSL, JavaSSL


# The boolean configuration will let a test run for True and False
1 change: 0 additions & 1 deletion tests/integrationv2/conftest.py
@@ -1,4 +1,3 @@
import pytest
from global_flags import set_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE, S2N_NO_PQ


4 changes: 1 addition & 3 deletions tests/integrationv2/fixtures.py
@@ -1,12 +1,10 @@
import os
import pytest
import subprocess
import threading
import time

from processes import ManagedProcess
from providers import Provider
from common import ProviderOptions, Protocols
from common import ProviderOptions


@pytest.fixture
1 change: 0 additions & 1 deletion tests/integrationv2/processes.py
@@ -1,4 +1,3 @@
import time
import os
import select
import selectors
14 changes: 7 additions & 7 deletions tests/integrationv2/providers.py
@@ -1,7 +1,7 @@
import pytest
import threading

from common import ProviderOptions, Ciphers, Curves, Protocols, Certificates, Signatures
from common import ProviderOptions, Ciphers, Curves, Protocols, Signatures
from global_flags import get_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE


Expand Down Expand Up @@ -47,9 +47,9 @@ def __init__(self, options: ProviderOptions):

self.options = options
if self.options.mode == Provider.ServerMode:
self.cmd_line = self.setup_server()
self.cmd_line = self.setup_server() # lgtm [py/init-calls-subclass]
elif self.options.mode == Provider.ClientMode:
self.cmd_line = self.setup_client()
self.cmd_line = self.setup_client() # lgtm [py/init-calls-subclass]

def setup_client(self):
"""
Expand Down Expand Up @@ -141,7 +141,7 @@ class S2N(Provider):
def __init__(self, options: ProviderOptions):
Provider.__init__(self, options)

self.send_with_newline = True
self.send_with_newline = True # lgtm [py/overwritten-inherited-attribute]

@classmethod
def get_send_marker(cls):
Expand Down Expand Up @@ -315,7 +315,7 @@ class OpenSSL(Provider):
def __init__(self, options: ProviderOptions):
Provider.__init__(self, options)
# We print some OpenSSL logging that includes stderr
self.expect_stderr = True
self.expect_stderr = True # lgtm [py/overwritten-inherited-attribute]

@classmethod
def get_send_marker(cls):
Expand Down Expand Up @@ -623,8 +623,8 @@ class GnuTLS(Provider):
def __init__(self, options: ProviderOptions):
Provider.__init__(self, options)

self.expect_stderr = True
self.send_with_newline = True
self.expect_stderr = True # lgtm [py/overwritten-inherited-attribute]
self.send_with_newline = True # lgtm [py/overwritten-inherited-attribute]

@staticmethod
def cipher_to_priority_str(cipher):
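Review bot: the `py/overwritten-inherited-attribute` alerts here are the other half of the ordering issue on `Provider.__init__`: `expect_stderr` and `send_with_newline` are assigned only after `Provider.__init__(self, options)` returns, i.e. after the base constructor has already run `setup_client()`/`setup_server()`. If either setup method ever consults these flags, the GnuTLS values are not yet in effect at that point. Passing the flags into the base constructor, or assigning them before calling `Provider.__init__`, would remove both the alert and the hazard; the same applies to the S2N and OpenSSL hunks above.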
7 changes: 2 additions & 5 deletions tests/integrationv2/test_client_authentication.py
@@ -1,12 +1,9 @@
import copy
import os
import pytest
import time

from configuration import (available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES,
ALL_TEST_CERTS, PROTOCOLS)
from configuration import (available_ports, ALL_TEST_CIPHERS, PROTOCOLS)
from common import Certificates, ProviderOptions, Protocols, data_bytes
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes
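Review bot: the `# lgtm [py/unused-import]` on `from fixtures import managed_process` is correct as far as it goes: pytest resolves fixtures by name, so the import is needed even though nothing references the symbol directly. The same suppression is repeated on the equivalent line in every other `tests/integrationv2/test_*.py` in this PR; the cleaner option that needs no suppressions at all is to move `managed_process` (and `custom_mtu`) into `tests/integrationv2/conftest.py`, which pytest loads automatically, and delete the imports. Worth a follow-up rather than a blocker.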

4 changes: 2 additions & 2 deletions tests/integrationv2/test_cross_compatibility.py
Expand Up @@ -2,9 +2,9 @@
import copy
import os

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS
from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS
from common import ProviderOptions, Protocols, data_bytes
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name, to_bytes

9 changes: 3 additions & 6 deletions tests/integrationv2/test_dynamic_record_sizes.py
@@ -1,12 +1,9 @@
import copy
import os
import pytest
import subprocess
import time

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROVIDERS, PROTOCOLS
from common import ProviderOptions, data_bytes, Protocols
from fixtures import managed_process, custom_mtu
from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS
from common import ProviderOptions, data_bytes
from fixtures import custom_mtu, managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL, Tcpdump
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes

9 changes: 3 additions & 6 deletions tests/integrationv2/test_early_data.py
@@ -1,13 +1,10 @@
import copy
import os
import pytest
import time
from enum import Enum
from collections import namedtuple

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS, TLS13_CIPHERS
from configuration import available_ports, ALL_TEST_CURVES, ALL_TEST_CERTS, TLS13_CIPHERS
from common import ProviderOptions, Protocols, Curves, data_bytes
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N as S2NBase, OpenSSL as OpenSSLBase
from utils import invalid_test_parameters, get_parameter_name, to_bytes

Expand Down Expand Up @@ -338,7 +335,7 @@ def test_s2n_server_with_early_data_rejected(managed_process, tmp_path, cipher,
other_provider, early_data_size):
ticket_file = str(tmp_path / TICKET_FILE)
early_data_file = str(tmp_path / EARLY_DATA_FILE)
early_data = get_early_data_bytes(early_data_file, early_data_size)
get_early_data_bytes(early_data_file, early_data_size)

options = ProviderOptions(
port=next(available_ports),
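Review bot: dropping the `early_data =` assignment fixes the unused-variable alert but deserves a second look: in a test named `test_s2n_server_with_early_data_rejected`, an `early_data` value that was computed and never used reads like a missing assertion (for example, that the rejected bytes do not appear in the server's output) rather than dead code. If the file written by `get_early_data_bytes` is all the test needs, the new form is fine; otherwise keep the variable and add the check.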
5 changes: 2 additions & 3 deletions tests/integrationv2/test_external_psk.py
@@ -1,10 +1,9 @@
import copy
import pytest

from configuration import available_ports, TLS13_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS
from common import ProviderOptions, Protocols, data_bytes
from fixtures import managed_process
from providers import Provider, S2N, OpenSSL
from fixtures import managed_process # lgtm [py/unused-import]
from providers import S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name, to_bytes
from enum import Enum, auto

2 changes: 1 addition & 1 deletion tests/integrationv2/test_fragmentation.py
Expand Up @@ -3,7 +3,7 @@

from configuration import available_ports, PROTOCOLS
from common import ProviderOptions, Ciphers, Certificates, data_bytes
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL, GnuTLS
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes

6 changes: 3 additions & 3 deletions tests/integrationv2/test_happy_path.py
@@ -1,9 +1,9 @@
import copy
import pytest

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROVIDERS, PROTOCOLS
from common import ProviderOptions, Protocols, data_bytes
from fixtures import managed_process
from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS
from common import ProviderOptions, data_bytes
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes

8 changes: 3 additions & 5 deletions tests/integrationv2/test_hello_retry_requests.py
@@ -1,12 +1,10 @@
import copy
import os
import pytest
import re
import time

from configuration import available_ports, TLS13_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS
from common import ProviderOptions, Protocols, data_bytes, Curves
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name, to_bytes

Expand Down Expand Up @@ -80,7 +78,7 @@ def test_hrr_with_s2n_as_client(managed_process, cipher, provider, other_provide
results.assert_success()
assert marker_part1 in results.stdout and marker_part2 in results.stdout
# The "test_all" s2n security policy includes draft Hybrid PQ groups that Openssl server prints as hex values
assert re.search(b'Supported Elliptic Groups: [0x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None
assert re.search(b'Supported Elliptic Groups: [x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None
assert to_bytes("Shared Elliptic groups: {}".format(
server_options.curve)) in results.stdout
assert random_bytes in results.stdout
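Review bot: changing `[0x0-9A-F:]*` to `[x0-9A-F:]*` is behaviourally a no-op (`0` is already covered by `0-9`), so this only addresses the redundant character the scanner flagged; the class still matches the `0x....:` hex group names that the OpenSSL server prints before `X25519:P-256:P-384`. Since the identical pattern appears in both `test_hrr_with_s2n_as_client` and `test_hrr_with_default_keyshare`, hoisting it into one compiled module-level constant would keep the two copies from drifting apart again.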
Expand Down Expand Up @@ -196,7 +194,7 @@ def test_hrr_with_default_keyshare(managed_process, cipher, provider, other_prov
results.assert_success()
assert marker_part1 in results.stdout and marker_part2 in results.stdout
# The "test_all" s2n security policy includes draft Hybrid PQ groups that Openssl server prints as hex values
assert re.search(b'Supported Elliptic Groups: [0x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None
assert re.search(b'Supported Elliptic Groups: [x0-9A-F:]*X25519:P-256:P-384', results.stdout) is not None
assert to_bytes("Shared Elliptic groups: {}".format(
server_options.curve)) in results.stdout
assert random_bytes in results.stdout
5 changes: 2 additions & 3 deletions tests/integrationv2/test_key_update.py
Expand Up @@ -2,11 +2,10 @@
import pytest

from configuration import available_ports, TLS13_CIPHERS
from common import ProviderOptions, Protocols, data_bytes, Ciphers
from fixtures import managed_process
from common import ProviderOptions, Protocols, data_bytes
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name
from global_flags import get_flag, S2N_PROVIDER_VERSION


def test_nothing():
2 changes: 1 addition & 1 deletion tests/integrationv2/test_npn.py
Expand Up @@ -3,7 +3,7 @@

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, MINIMAL_TEST_CERTS, PROTOCOLS
from common import ProviderOptions, Protocols
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import OpenSSL, S2N, Provider
from utils import invalid_test_parameters, get_parameter_name, to_bytes

6 changes: 3 additions & 3 deletions tests/integrationv2/test_ocsp.py
@@ -1,10 +1,10 @@
import pytest

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, PROTOCOLS
from common import ProviderOptions, Protocols, data_bytes, Certificates
from fixtures import managed_process
from common import ProviderOptions, data_bytes, Certificates
from fixtures import managed_process # lgtm [py/unused-import]
from constants import TEST_OCSP_DIRECTORY
from providers import Provider, S2N, OpenSSL, JavaSSL, GnuTLS
from providers import Provider, S2N, OpenSSL, GnuTLS
from utils import invalid_test_parameters, get_parameter_name
from global_flags import get_flag, S2N_PROVIDER_VERSION

8 changes: 4 additions & 4 deletions tests/integrationv2/test_pq_handshake.py
@@ -1,12 +1,12 @@
import pytest
import os

from configuration import available_ports, PROVIDERS, PROTOCOLS
from common import Ciphers, ProviderOptions, Protocols, data_bytes, KemGroups, Certificates, pq_enabled
from fixtures import managed_process
from configuration import available_ports
from common import Ciphers, ProviderOptions, Protocols, KemGroups, Certificates, pq_enabled
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name, to_bytes
from global_flags import get_flag, S2N_PROVIDER_VERSION, S2N_FIPS_MODE
from global_flags import get_flag, S2N_PROVIDER_VERSION

CIPHERS = [
None, # `None` will default to the appropriate `test_all` cipher preference in the S2N client provider
4 changes: 2 additions & 2 deletions tests/integrationv2/test_renegotiate.py
Expand Up @@ -3,8 +3,8 @@
import random

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, MINIMAL_TEST_CERTS, PROTOCOLS
from common import ProviderOptions, Protocols, Curves
from fixtures import managed_process
from common import ProviderOptions, Protocols
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name

2 changes: 1 addition & 1 deletion tests/integrationv2/test_renegotiate_apache.py
Expand Up @@ -3,7 +3,7 @@

from configuration import ALL_TEST_CURVES
from common import ProviderOptions
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N
from utils import invalid_test_parameters, get_parameter_name
from constants import TEST_CERT_DIRECTORY
3 changes: 1 addition & 2 deletions tests/integrationv2/test_session_resumption.py
@@ -1,11 +1,10 @@
import copy
import os
import pytest
import time

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS, PROTOCOLS, TLS13_CIPHERS
from common import ProviderOptions, Protocols, data_bytes
from fixtures import managed_process
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes

6 changes: 3 additions & 3 deletions tests/integrationv2/test_signature_algorithms.py
@@ -1,9 +1,9 @@
import copy
import pytest

from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CURVES, ALL_TEST_CERTS
from common import ProviderOptions, Protocols, Ciphers, Certificates, Signatures, data_bytes
from fixtures import managed_process
from configuration import available_ports, ALL_TEST_CIPHERS, ALL_TEST_CERTS
from common import ProviderOptions, Protocols, Certificates, Signatures, data_bytes
from fixtures import managed_process # lgtm [py/unused-import]
from providers import Provider, S2N, OpenSSL, GnuTLS
from utils import invalid_test_parameters, get_parameter_name, get_expected_s2n_version, to_bytes
