author | Miloslav Trmač <mitr@redhat.com> | 2022-08-24 19:39:11 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2022-08-25 01:50:43 +0200 |
commit | e2d1bdd1d8c10617818e5805330c54523580b647 (patch) | |
tree | 65911731b1d3ea8074fd2f32940fb10bbd40766b /pkg/trust/policy_test.go | |
parent | cbdbb025a3f6e6e5417cdade032075d679842056 (diff) | |
Improve validation of data in ImageEngine.SetTrust
- Also reject public keys with types that don't use them
- Reject unknown trust types
- And add unit tests
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg/trust/policy_test.go')
-rw-r--r-- | pkg/trust/policy_test.go | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/pkg/trust/policy_test.go b/pkg/trust/policy_test.go
index 1f2f585c8..c4781335f 100644
--- a/pkg/trust/policy_test.go
+++ b/pkg/trust/policy_test.go
@@ -25,6 +25,38 @@ func TestAddPolicyEntries(t *testing.T) {
 err = os.WriteFile(policyPath, minimalPolicyJSON, 0600)
 require.NoError(t, err)
 
+ // Invalid input:
+ for _, invalid := range []AddPolicyEntriesInput{
+ {
+ Scope: "default",
+ Type: "accept",
+ PubKeyFiles: []string{"/does-not-make-sense"},
+ },
+ {
+ Scope: "default",
+ Type: "insecureAcceptAnything",
+ PubKeyFiles: []string{"/does-not-make-sense"},
+ },
+ {
+ Scope: "default",
+ Type: "reject",
+ PubKeyFiles: []string{"/does-not-make-sense"},
+ },
+ {
+ Scope: "default",
+ Type: "signedBy",
+ PubKeyFiles: []string{}, // A key is missing
+ },
+ {
+ Scope: "default",
+ Type: "this-is-unknown",
+ PubKeyFiles: []string{},
+ },
+ } {
+ err := AddPolicyEntries(policyPath, invalid)
+ assert.Error(t, err, "%#v", invalid)
+ }
+
 err = AddPolicyEntries(policyPath, AddPolicyEntriesInput{
 Scope: "default",
 Type: "reject", |
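Review bot: The loop over invalid inputs checks only `assert.Error(t, err, "%#v", invalid)`, so it does not show that a rejected call left the trust policy file untouched; for a signature-verification policy, a validation failure that occurs after a partial write would still pass this test. After the loop the file could be read back and compared with what was written, e.g. `content, err := os.ReadFile(policyPath)`, `require.NoError(t, err)`, `assert.Equal(t, minimalPolicyJSON, content)`. The first three cases also use a key path that presumably does not exist, so the error there might come from something other than the type/key check this commit describes; that cannot be confirmed from the hunk. TestAddPolicyEntries starts and ends outside the hunk.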