path: root/tests/test-metadata-validation.sh
blob: 789550b5cc5ca502feb3ecabda5c14db7fcfc9db (plain)
#!/bin/bash
#
# Copyright (C) 2021 Matthew Leeds <mwleeds@protonmail.com>
#
# SPDX-License-Identifier: LGPL-2.0-or-later

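# Abort on any unhandled error, unset variable or failed pipeline stage.
set -euo pipefail

# Load the shared test helpers that sit next to this script. The path is
# quoted so a checkout directory containing spaces still resolves.
. "$(dirname "$0")/libtest.sh"

# TAP plan: seven test points are reported below, one per `ok` call.
echo "1..7"

# setup_repo is not defined in this file (presumably it comes from libtest.sh).
setup_repo

# Written into each generated app's files/counter by create_app and bumped on
# every call, so every generated app tree has different content.
COUNTER=1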

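# Build an org.test.Malicious app with deliberately bad metadata and commit it
# to repos/test, so the install checks below have something to reject.
#
# Globals:   COUNTER (read, incremented); ARCH, FL_GPGARGS (read)
# Arguments: $1 - option words, matched as substrings of the whole string:
#              invalid             - add a bare "invalidkeyfileline" line to the
#                                    [Application] group
#              mismatch            - append filesystems=host; to the metadata
#                                    file only, not to xa.metadata
#              hidden              - append a NUL byte and then filesystems=home;
#                                    to the metadata file only
#              no-xametadata       - commit with xa.nometadata=1 instead of
#                                    xa.metadata
#              no-cache-in-summary - update the summary with ostree directly and
#                                    delete summary.idx and summaries
# Outputs:   ostree output is redirected to stderr
create_app () {
    local OPTIONS="$1"
    local DIR
    # Assigned separately from `local` so that a mktemp failure aborts under
    # set -e; with an empty DIR the commit below would take "/" as its tree.
    DIR=$(mktemp -d)

    mkdir "${DIR}/files"
    printf '%s\n' "$COUNTER" > "${DIR}/files/counter"
    COUNTER=$((COUNTER + 1))

    local INVALID=""
    if [[ $OPTIONS =~ "invalid" ]]; then
        INVALID=invalidkeyfileline
    fi
    cat > "${DIR}/metadata" <<EOF
[Application]
name=org.test.Malicious
runtime=org.test.Platform/${ARCH}/master
$INVALID

[Context]
EOF
    if [[ $OPTIONS =~ "mismatch" ]]; then
        printf 'filesystems=host;\n' >> "${DIR}/metadata"
    fi
    if [[ $OPTIONS =~ "hidden" ]]; then
        # The extra grant sits behind a NUL byte in the on-disk file.
        printf '\0' >> "${DIR}/metadata"
        printf '\nfilesystems=home;\n' >> "${DIR}/metadata"
    fi

    # xa.metadata is built from the first six lines only (through [Context]),
    # so anything appended by "mismatch" or "hidden" is present in the metadata
    # file but absent from xa.metadata.
    local declared_metadata
    declared_metadata=$(head -n6 "${DIR}/metadata")
    local XA_METADATA="--add-metadata-string=xa.metadata=${declared_metadata}"$'\n'
    if [[ $OPTIONS =~ "no-xametadata" ]]; then
        XA_METADATA="--add-metadata-string=xa.nometadata=1"
    fi

    # FL_GPGARGS stays unquoted: presumably it can hold several options or be
    # empty -- confirm against libtest.sh.
    # shellcheck disable=SC2086
    ostree commit --repo=repos/test --branch="app/org.test.Malicious/${ARCH}/master" ${FL_GPGARGS} "$XA_METADATA" "${DIR}/" >&2
    if [[ $OPTIONS =~ "no-cache-in-summary" ]]; then
        # shellcheck disable=SC2086
        ostree --repo=repos/test ${FL_GPGARGS} summary -u >&2
        # force use of legacy summary format
        rm -rf repos/test/summary.idx repos/test/summaries
    else
        update_repo
    fi
    # :? refuses to expand an empty DIR, so this can never become `rm -rf /`.
    rm -rf -- "${DIR:?}"
}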

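# Delete the ref that create_app committed to, then call update_repo.
# Globals: ARCH (read)
cleanup_repo () {
    ostree refs --repo=repos/test --delete "app/org.test.Malicious/${ARCH}/master" >&2
    update_repo
}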

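# Regression test for CVE-2021-43860: the app's metadata file carries
# filesystems=home; after a NUL byte, while the xa.metadata written by
# create_app stops at [Context].
create_app "hidden"

# The install must be refused; a zero exit status here is a test failure.
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with hidden permissions"
fi

assert_file_has_content install-error-log "not matching expected metadata"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with hidden permissions can't be installed (CVE-2021-43860)"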

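# Commit carries xa.nometadata=1 instead of xa.metadata; update_repo still runs.
create_app no-xametadata

# The install will fail because the metadata in the summary doesn't match the metadata on the commit
# The missing xa.metadata in the commit got turned into "" in the xa.cache
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with missing xa.metadata"
fi

assert_file_has_content install-error-log "not matching expected metadata"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with no xa.metadata can't be installed"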

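# No xa.metadata on the commit, and summary.idx / summaries are removed after
# the summary update.
create_app "no-xametadata no-cache-in-summary"

# The install will fail because there's no metadata in the summary or on the commit
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with missing metadata"
fi
assert_file_has_content install-error-log "No xa.metadata in local commit"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with no xa.metadata and no metadata in summary can't be installed"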

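# Metadata contains a bare "invalidkeyfileline" line and update_repo runs after
# the commit; the ok message below calls this the "in summary" case.
create_app "invalid"

# The install must be refused; a zero exit status here is a test failure.
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with invalid metadata"
fi
assert_file_has_content install-error-log "Metadata for .* is invalid"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with invalid metadata (in summary) can't be installed"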

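# Same invalid metadata, but summary.idx / summaries are removed after the
# summary update; the ok message below calls this the "in commit" case.
create_app "invalid no-cache-in-summary"

# The install must be refused; a zero exit status here is a test failure.
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with invalid metadata"
fi
assert_file_has_content install-error-log "Metadata for .* is invalid"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with invalid metadata (in commit) can't be installed"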

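# The metadata file grants filesystems=host; but xa.metadata does not, and
# summary.idx / summaries are removed after the summary update; the ok message
# below calls this the "in commit" case.
create_app "mismatch no-cache-in-summary"

# The install must be refused; a zero exit status here is a test failure.
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with non-matching metadata"
fi
assert_file_has_content install-error-log "Commit metadata for .* not matching expected metadata"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with mismatched metadata (in commit) can't be installed"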

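# The metadata file grants filesystems=host; but xa.metadata does not, and
# update_repo runs after the commit; the ok message below calls this the
# "in summary" case.
create_app "mismatch"

# The install must be refused; a zero exit status here is a test failure.
if ${FLATPAK} ${U} install -y test-repo org.test.Malicious &>install-error-log; then
    assert_not_reached "Should not be able to install app with non-matching metadata"
fi
assert_file_has_content install-error-log "Commit metadata for .* not matching expected metadata"

# A refused install must also leave nothing deployed.
assert_not_has_dir "${FL_DIR}/app/org.test.Malicious/current/active"

cleanup_repo

ok "app with mismatched metadata (in summary) can't be installed"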