Paranoid checks of configurations in order to prevent interposition cycles.

Author: trishankkarthik

tuf/interposition/README.md

@@ -32,7 +32,7 @@ def instancemethod( self, url, ... )
 
 ```javascript
 {
-    "network_locations": {
+    "configurations": {
         "seattle.cs.washington.edu": {
             "repository_directory": "client/",
             "repository_mirrors" : {
@@ -60,3 +60,8 @@ with regular expressions, TUF will work over any path under the given network
 location. However, if you do specify it, you are then telling TUF how to
 transform a specified path into another one, and TUF will *not* recognize any
 unspecified path for the given network location.
+
+## Limitations (at the time of writing)
+
+- The entire `urllib` or `urllib2` contract is not honoured.
+- Downloads are not thread safe.

tuf/interposition/__init__.py

@@ -90,7 +90,7 @@ def configure(
     Example of a TUF interposition configuration JSON object:
 
     {
-        "network_locations": {
+        "configurations": {
             "seattle.cs.washington.edu": {
                 "repository_directory": "client/",
                 "repository_mirrors" : {
@@ -118,20 +118,20 @@ def configure(
 
     INVALID_TUF_CONFIGURATION = "Invalid configuration for {network_location}!"
     INVALID_TUF_INTERPOSITION_JSON = "Invalid configuration in {filename}!"
-    NO_NETWORK_LOCATIONS = "No network locations found in configuration in {filename}!"
+    NO_CONFIGURATIONS = "No configurations found in configuration in {filename}!"
 
     try:
         with open( filename ) as tuf_interposition_json:
             tuf_interpositions = json.load( tuf_interposition_json )
-            network_locations = tuf_interpositions.get( "network_locations", {} )
+            configurations = tuf_interpositions.get( "configurations", {} )
 
             # TODO: more input sanity checks
-            if len( network_locations ) == 0:
+            if len( configurations ) == 0:
                 raise InvalidConfiguration(
-                    NO_NETWORK_LOCATIONS.format( filename = filename )
+                    NO_CONFIGURATIONS.format( filename = filename )
                 )
             else:
-                for network_location, configuration in network_locations.iteritems():
+                for network_location, configuration in configurations.iteritems():
                     try:
                         Updater.build_updater(
                             Configuration.load_from_json(

tuf/interposition/configuration.py

@@ -84,17 +84,34 @@ def load_from_json(
                     )
                 )
 
-        # Parse TUF server repository mirrors
+        # Parse TUF server repository mirrors.
         repository_mirrors = configuration[ "repository_mirrors" ]
+        repository_mirror_network_locations = set()
+
         for repository_mirror in repository_mirrors:
             mirror_configuration = repository_mirrors[ repository_mirror ]
             try:
                 url_prefix = mirror_configuration[ "url_prefix" ]
                 parsed_url = urlparse.urlparse( url_prefix )
                 mirror_hostname = parsed_url.hostname
                 mirror_port = parsed_url.port or 80
+                mirror_netloc = "{hostname}:{port}".format(
+                    hostname = mirror_hostname,
+                    port = mirror_port
+                )
+
                 # No single-edge cycle in interposition.
-                assert hostname != mirror_hostname or port != mirror_port
+                # GOOD: A -> { A:XYZ, ... }
+                # BAD: A -> { A, ... }
+                assert not ( mirror_hostname == hostname and mirror_port == port )
+
+                # Unique network location over repository mirrors.
+                # GOOD: A -> { A:X, A:Y, ... }
+                # BAD: A -> { A:X, A:X, ... }
+                assert mirror_netloc not in repository_mirror_network_locations
+
+                # Remember this mirror's network location to check the rest of the mirrors.
+                repository_mirror_network_locations.add( mirror_netloc )
             except:
                 error_message = INVALID_REPOSITORY_MIRROR.format(
                     repository_mirror = repository_mirror

tuf/interposition/updater.py

@@ -8,7 +8,7 @@
 import tuf.client.updater
 import tuf.conf
 
-from configuration import Configuration
+from configuration import Configuration, InvalidConfiguration
 from utility import Logger, InterpositionException
 
 
@@ -25,9 +25,10 @@ class Updater( object ):
     which you can get and use later.
     """
 
-    # A private collection of Updaters;
-    # network_location: str -> updater: Updater
+    # A private map of Updaters (network_location: str -> updater: Updater)
     __updaters = {}
+    # A private set of repository mirror hostnames
+    __repository_mirror_hostnames = set()
 
     def __init__( self, configuration ):
         self.configuration = configuration
@@ -42,13 +43,50 @@ def __init__( self, configuration ):
 
     @staticmethod
     def build_updater( configuration ):
+        INVALID_REPOSITORY_MIRROR = \
+            "Invalid repository mirror {repository_mirror}!"
+
+        # Updater has a "global" view of configurations, so it performs
+        # additional checks after Configuration's own local checks.
         assert isinstance( configuration, Configuration )
 
-        # Restrict each hostname to correspond to a single updater;
-        # this prevents interposition cycles, amongst other things.
+        # Restrict each (incoming, outgoing) hostname pair to be unique across
+        # configurations; this prevents interposition cycles, amongst other
+        # things.
+        # GOOD: A -> { A:X, A:Y, B, ... }, C -> { D }, ...
+        # BAD: A -> { B }, B -> { C }, C -> { A }, ...
         assert configuration.hostname not in Updater.__updaters
+        assert configuration.hostname not in Updater.__repository_mirror_hostnames
+
+        # Parse TUF server repository mirrors.
+        repository_mirrors = configuration.repository_mirrors
+        repository_mirror_hostnames = set()
+
+        for repository_mirror in repository_mirrors:
+            mirror_configuration = repository_mirrors[ repository_mirror ]
+            try:
+                url_prefix = mirror_configuration[ "url_prefix" ]
+                parsed_url = urlparse.urlparse( url_prefix )
+                mirror_hostname = parsed_url.hostname
+
+                # Restrict each (incoming, outgoing) hostname pair to be unique
+                # across configurations; this prevents interposition cycles,
+                # amongst other things.
+                assert mirror_hostname not in Updater.__updaters
+                assert mirror_hostname not in Updater.__repository_mirror_hostnames
+
+                # Remember this mirror's hostname for the next network_location.
+                repository_mirror_hostnames.add( mirror_hostname )
+            except:
+                error_message = INVALID_REPOSITORY_MIRROR.format(
+                    repository_mirror = repository_mirror
+                )
+                Logger.error( error_message )
+                raise InvalidConfiguration( error_message )
 
+        # If all is well, build and store an Updater, and remember hostnames.
         Updater.__updaters[ configuration.hostname ] = Updater( configuration )
+        Updater.__repository_mirror_hostnames.update( repository_mirror_hostnames )
 
     def download_target( self, target_filepath ):
         """Downloads target with TUF as a side effect."""

tuf/tests/system_tests/util_test_tools.py

@@ -347,7 +347,7 @@ def init_tuf(root_repo, url):
   # In order to implement interposition we need to have a config file with
   # the following dictionary JSON-serialized.
   # tuf_url: http://localhost:port/root_repo/tuf_repo/
-  interposition_dict = {"network_locations": 
+  interposition_dict = {"configurations":
                           {"localhost": 
                             {"repository_directory": tuf_client+'/',
                              "repository_mirrors" : 
@@ -397,4 +397,4 @@ def tuf_refresh_repo(root_repo, keyids):
   signerlib.build_release_file(keyids, metadata_dir)
 
   # Regenerate the 'timestamp.txt' metadata file.
-  signerlib.build_timestamp_file(keyids, metadata_dir)
+  signerlib.build_timestamp_file(keyids, metadata_dir)