diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_openpgp.py | 5 | ||||
| -rw-r--r-- | tests/test_recursiveloader.py | 7 | ||||
| -rw-r--r-- | tests/test_verify.py | 8 |
3 files changed, 13 insertions, 7 deletions
diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py index d11e0c1..7b02e0e 100644 --- a/tests/test_openpgp.py +++ b/tests/test_openpgp.py @@ -986,7 +986,8 @@ def test_recursive_manifest_loader_require_secure(tmp_path, privkey_env, f.write(SIGNED_MANIFEST) ctx = (pytest.raises(ManifestInsecureHashes) - if insecure and sign is not False and require_secure is not False + if insecure is not None and sign is not False + and require_secure is not False else contextlib.nullcontext()) with ctx: m = ManifestRecursiveLoader(tmp_path / "Manifest", @@ -1023,7 +1024,7 @@ def test_update_require_secure_cli(base_tree, caplog, hashes_arg, if str(OpenPGPNoImplementation('install gpg')) in caplog.text: pytest.skip('OpenPGP implementation missing') - expected = (1 if insecure and sign != "--no-sign" + expected = (1 if insecure is not None and sign != "--no-sign" and require_secure != "--no-require-secure_hashes" else 0) assert retval == expected diff --git a/tests/test_recursiveloader.py b/tests/test_recursiveloader.py index 860bace..ed24d03 100644 --- a/tests/test_recursiveloader.py +++ b/tests/test_recursiveloader.py @@ -2467,6 +2467,7 @@ INSECURE_HASH_TESTS = [ ("SHA1", ["SHA1"]), ("SHA512", None), ("SHA1 SHA512", ["SHA1"]), + ("", []), ] @@ -2474,7 +2475,7 @@ INSECURE_HASH_TESTS = [ def test_insecure_hashes(layout_factory, hashes_arg, insecure): layout = BasicTestLayout tmp_path = layout_factory.create(layout) - ctx = (pytest.raises(ManifestInsecureHashes) if insecure + ctx = (pytest.raises(ManifestInsecureHashes) if insecure is not None else contextlib.nullcontext()) with ctx: ManifestRecursiveLoader(tmp_path / layout.TOP_MANIFEST, @@ -2497,7 +2498,7 @@ def test_insecure_hashes_update(layout_factory, hashes_arg, insecure, func, hashes=["SHA512"], allow_xdev=False, require_secure_hashes=True) - ctx = (pytest.raises(ManifestInsecureHashes) if insecure + ctx = (pytest.raises(ManifestInsecureHashes) if insecure is not None else contextlib.nullcontext()) with ctx: func(m, arg, hashes=hashes_arg.split()) @@ -2519,7 +2520,7 @@ def test_insecure_hashes_update_cli(layout_factory, caplog, hashes_arg, insecure, command): layout = BasicTestLayout tmp_path = layout_factory.create(layout) - expected = 1 if insecure else 0 + expected = 1 if insecure is not None else 0 assert gemato.cli.main(["gemato", command, "--hashes", hashes_arg, "--require-secure-hashes", "--force-rewrite", str(tmp_path)]) == expected diff --git a/tests/test_verify.py b/tests/test_verify.py index 43f2830..f54cd74 100644 --- a/tests/test_verify.py +++ b/tests/test_verify.py @@ -458,6 +458,9 @@ def test_unreadable_file(test_tree, function, args): ("MD5", "SHA1 SHA512", True), ("MD5", "SHA512", False), ("SHA512", "MD5 SHA512", True), + ("", None, True), + ("", "SHA512", False), + ("SHA512", "", True), ]) def test_insecure_hashes(test_tree, entry_hash, hashes_arg, insecure): ctx = (pytest.raises(ManifestInsecureHashes) if insecure @@ -465,8 +468,9 @@ def test_insecure_hashes(test_tree, entry_hash, hashes_arg, insecure): with ctx: update_entry_for_path( test_tree / "empty-file", - new_manifest_entry("DATA", "empty-file", 0, {entry_hash: ""}), - hashes=hashes_arg.split() if hashes_arg else None, + new_manifest_entry("DATA", "empty-file", 0, + {entry_hash: ""} if entry_hash else {}), + hashes=hashes_arg.split() if hashes_arg is not None else None, require_secure_hashes=True) |