rcs-common 9.6.0

data/spec/mongoid.yaml

@@ -0,0 +1,6 @@
+spec:
+  sessions:
+    default:
+      database: rcs-test
+      hosts:
+        - localhost:27017

data/spec/signature_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+require 'rcs-common/signature'
+
+class TestSignature
+  include Mongoid::Document
+  include RCS::Mongoid::Signature
+
+  field :name, type: String
+  field :surname, type: String
+  field :code, type: Integer
+  field :address, type: String
+  field :complex, type: Hash
+
+  sign_options :include => [:name, :surname, :code, :complex]
+end
+
+describe RCS::Mongoid::Signature do
+
+  describe '.included' do
+
+    let(:test) do
+      TestSignature.new
+    end
+
+    let(:fields) do
+      TestSignature.fields
+    end
+
+    before do
+      test.run_callbacks(:create)
+      test.run_callbacks(:save)
+    end
+
+    it "adds signature to the document" do
+      expect(fields["signature"]).to_not be_nil
+    end
+
+  end
+
+  context "when the document is created" do
+
+    let(:test) do
+      TestSignature.create(name: 'a', surname: 'b')
+    end
+
+    it "runs the created callbacks" do
+      expect(test.signature).to_not be_nil
+    end
+
+    it 'validates the signature' do
+      expect(test.check_signature).to be_truthy
+    end
+
+  end
+
+  context 'when the document is updated' do
+
+    let(:test) do
+      TestSignature.create(name: 'a', surname: 'b', code: 123, complex: {a:1, b:2})
+    end
+
+    it 'validates the signature after reload' do
+      test.reload
+      expect(test.check_signature).to be_truthy
+    end
+
+    it 'validates the signature after save' do
+      test.name = 'modified'
+      test.save
+      test.reload
+      expect(test.check_signature).to be_truthy
+    end
+
+    it 'validates the signature after update_attributes' do
+      test.update_attributes({surname: 'modified'})
+      test.reload
+      expect(test.check_signature).to be_truthy
+    end
+
+  end
+
+  context 'when the document is tampered' do
+
+    let(:test) do
+      TestSignature.create(name: 'a', surname: 'b', code: 123, complex: {a:1, b:2})
+    end
+
+    it 'validate the signature when changing not included field' do
+      test.address = 'c'
+      expect(test.check_signature).to be_truthy
+    end
+
+    it 'invalidate the signature when changing a signed field' do
+      test.name = 'mod'
+      expect(test.check_signature).to be_falsey
+    end
+
+    it 'invalidate the signature when changing the signature itself' do
+      test.signature = {}
+      expect(test.check_signature).to be_falsey
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,22 @@
+require 'bundler'
+require 'rspec'
+require 'pry'
+
+$LOAD_PATH << File.expand_path('../lib', __FILE__)
+
+require 'rcs-common'
+require 'rcs-common/mongoid'
+
+RSpec.configure do |config|
+
+  config.color = true
+
+  config.before(:all) do
+    ENV['MONGOID_ENV'] = 'spec'
+    Mongoid.load! File.expand_path('../mongoid.yaml', __FILE__), :spec
+  end
+
+  config.before(:each) do
+    Mongoid.purge!
+  end
+end

data/spec/updater_spec.rb

@@ -0,0 +1,80 @@
+require 'spec_helper'
+require 'stringio'
+require 'rcs-common/updater/client'
+require 'rcs-common/updater/server'
+
+module RCS::Updater
+
+  describe 'client' do
+    before do
+      allow_any_instance_of(Client).to receive(:trace).and_return(nil)
+    end
+
+    let(:signature) { '2433e2d6865e4e9a15ee57f74a196477' }
+
+    let(:signature2) { '2433e2d6865e4e9a15ee57f74a196400' }
+
+    let(:client) { Client.new("localhost") }
+
+    before do
+      @server_process_pid = fork do
+        allow_any_instance_of(SharedKey).to receive(:read_key_from_file).and_return(signature)
+        $stdout = StringIO.new
+        $stderr = $stdout
+        Server.start
+      end
+
+      # Wait for the server to bind
+      sleep(2)
+
+      allow(client).to receive(:localhost?).and_return(false)
+    end
+
+    after do
+      Process.kill(9, @server_process_pid)
+    end
+
+    context 'when shared key is valid' do
+      before do
+        allow_any_instance_of(SharedKey).to receive(:read_key_from_file).and_return(signature)
+      end
+
+      it 'communicates' do
+        expect(client.connected?).to be_truthy
+      end
+    end
+
+    context 'when shared key is not valid' do
+      before do
+        allow_any_instance_of(SharedKey).to receive(:read_key_from_file).and_return(signature2)
+      end
+
+      it 'does not get a reply' do
+        expect(client.connected?).to be_falsey
+      end
+    end
+
+    context 'when requesting to execute an invalid command' do
+      before do
+        allow_any_instance_of(SharedKey).to receive(:read_key_from_file).and_return(signature)
+      end
+
+      it 'raises an error' do
+        client.max_retries = 0
+        expect { client.request("xpas123Mnq1", exec: 1) }.to raise_error
+      end
+    end
+
+    context 'when requesting to execute the hostname command' do
+      before do
+        allow_any_instance_of(SharedKey).to receive(:read_key_from_file).and_return(signature)
+      end
+
+      it 'gets a valid response' do
+        resp = client.request("hostname", exec: 1)
+        expect(resp[:return_code]).to eq(0)
+        expect(resp[:output]).to eq(`hostname`)
+      end
+    end
+  end
+end

data/tasks/deploy.rake

@@ -0,0 +1,21 @@
+require 'rcs-common/deploy'
+
+desc "Deploy this project"
+task :deploy do
+  user    = ENV['DEPLOY_USER'] || 'Administrator'
+  address = ENV['DEPLOY_ADDRESS'] || '192.168.100.100'
+  deploy  = RCS::Deploy.new(user: user, address: address)
+  $target = deploy.target
+  $me     = deploy.me
+
+  if ENV['SKIP_CONFIRM'] != 'yes' and $me.pending_changes?
+    exit unless $me.ask('You have pending changes, continue?')
+  end
+
+  $me.run('rm -f pkg/*.gem')
+  $me.run('rake build')
+  $target.run("cd ./rcs-common && del *.gem")
+  $target.mirror!("pkg", "./rcs-common")
+  $target.run("cd ./rcs-common; \"C:/RCS/Ruby/bin/gem\" install --conservative rcs*.gem; \"C:/RCS/Ruby/bin/gem\" clean rcs-common")
+  $target.restart_service('RCSWorker')
+end

data/tasks/protect.rake

@@ -0,0 +1,90 @@
+require 'fileutils'
+
+namespace :protect do
+
+  def verbose?
+    Rake.verbose == true
+  end
+
+  def report(message)
+    print message + '...'
+    STDOUT.flush
+    if block_given?
+      yield
+    end
+    puts ' ok'
+  end
+
+  def exec_rubyencoder(cmd)
+    if verbose?
+      system(cmd) || raise("Econding failed.")
+    else
+      raise("Econding failed.") if `#{cmd}` !~ /processed, 0 errors/
+    end
+  end
+
+  def windows?
+    RbConfig::CONFIG['host_os'] =~ /mingw/
+  end
+
+  if windows?
+    RUBYENCPATH = 'C:/Program Files (x86)/RubyEncoder'
+    RUBYENC = "\"C:\\Program Files (x86)\\RubyEncoder\\rgencoder.exe\""
+  else
+    paths = ['/Applications/Development/RubyEncoder.app/Contents/MacOS', '/Applications/RubyEncoder.app/Contents/MacOS']
+    RUBYENCPATH = File.exists?(paths.first) ? paths.first : paths.last
+    RUBYENC = "#{RUBYENCPATH}/rgencoder"
+  end
+
+  RUBYENC_VERSION = '2.0.0'
+
+  LIB_PATH = File.expand_path('../../lib', __FILE__)
+
+  raise("Invalid lib path") unless File.exists?("#{LIB_PATH}/rcs-common.rb")
+
+  desc "Build an encrypted version of rcs-common gem into the pkg directory"
+  task :build do
+    begin
+      FileUtils.cp_r(LIB_PATH, "#{LIB_PATH}_src")
+
+      # Encoding files
+      report("Encoding scripts (use --trace to see RubyEncoder output)") do
+        exec_rubyencoder("#{RUBYENC} --stop-on-error --encoding UTF-8 -b- -r --ruby #{RUBYENC_VERSION} \"#{LIB_PATH}/*.rb\"")
+      end
+
+
+      # Copy rgloader to lib folder
+
+      rgpath = "#{LIB_PATH}/rgloader"
+      FileUtils.rm_rf(rgpath)
+      FileUtils.mkdir(rgpath)
+
+      files = Dir["#{RUBYENCPATH}/Loaders/**/**"]
+        # keep only the interesting files (2.0.x windows, macos)
+      files.delete_if {|v| v.match(/bsd/i) or v.match(/linux/i)}
+      files.keep_if {|v| v.match(/#{RUBYENC_VERSION.gsub('.','')[0..1]}/) or v.match(/loader.rb/) }
+
+      files.each { |f| FileUtils.cp(f, rgpath) }
+
+
+      # Building the gem
+
+      export_protected = windows? ? "set PROTECTED=1 &&" : "export PROTECTED=1 ;"
+      system "#{export_protected} rake build"
+    ensure
+      # Restore the lib folder
+      if Dir.exists?("#{LIB_PATH}_src")
+        FileUtils.rm_rf(LIB_PATH) if Dir.exists?(LIB_PATH)
+        FileUtils.mv("#{LIB_PATH}_src", LIB_PATH)
+      end
+    end
+  end
+
+  desc "Build and install an encrypted version of rcs-common into system gems"
+  task :install do
+    FileUtils.rm_rf("#{LIB_PATH}/../pkg")
+    Rake::Task['protect:build'].invoke
+    gemfile = Dir["#{LIB_PATH}/../pkg/*.gem"].first
+    system("gem install --conservative #{gemfile}")
+  end
+end

data/test/helper.rb

@@ -0,0 +1,17 @@
+require 'bundler'
+
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rcs-common'
+
+class Test::Unit::TestCase
+end

data/test/test_binary.rb

@@ -0,0 +1,107 @@
+require "test/unit"
+require 'securerandom'
+
+class BinaryPatchTest < Test::Unit::TestCase
+
+  def test_string
+    input = "string to be modified"
+    output = "string modified"
+
+    input.binary_patch "to be ", ""
+
+    assert_equal output, input
+  end
+
+  def test_binary
+    input = SecureRandom.random_bytes(16)
+    search = input.slice(0..3)
+    output = "1234" + input[4..-1]
+
+    input.binary_patch search, "1234"
+
+    assert_equal output, input
+  end
+
+  def test_binary_with_zero
+    input = "this\x00and\x00that"
+    search = "and"
+    replace = ",\x00this\x00,"
+    output = "this\x00,\x00this\x00,\x00that"
+
+    input.binary_patch search, replace
+
+    assert_equal output, input
+  end
+
+  def test_binary_with_regex
+    input = SecureRandom.random_bytes(16)
+    search = input.slice(0..3)
+    output = '\&$1' + input[4..-1]
+
+    input.binary_patch search, '\&$1'
+
+    assert_equal output, input
+  end
+
+  def test_not_found
+    input = "ciao"
+
+    assert_raise MatchNotFound do
+      input.binary_patch "miao", "bau"
+    end
+  end
+
+  def test_with_offset
+    input = "ciao miao bau"
+    offset = 5
+    string = "test"
+    output = "ciao test bau"
+
+    input.binary_patch_at_offset offset, string
+
+    assert_equal output, input
+  end
+
+  def test_with_offset_out_of_bound
+    input = "ciao bau"
+    offset = 15
+    string = "test"
+
+    assert_raise OutOfBounds do
+      input.binary_patch_at_offset offset, string
+    end
+  end
+
+  def test_with_offset_too_long
+    input = "ciao bau"
+    offset = 5
+    string = "test"
+
+    assert_raise OutOfBoundsString do
+      input.binary_patch_at_offset offset, string
+    end
+  end
+
+  def test_add_at_offset
+    input = "\x00\x00\x00\x00ciao miao bau"
+    offset = 0
+    value = 16
+    output = "\x10\x00\x00\x00ciao miao bau"
+
+    input.binary_add_at_offset offset, value
+
+    assert_equal output, input
+  end
+
+  def test_add_at_offset_not_zero
+    input = "ciao \x10\x00\x00\x00 miao bau"
+    offset = 5
+    value = 16
+    output = "ciao \x20\x00\x00\x00 miao bau"
+
+    input.binary_add_at_offset offset, value
+
+    assert_equal output, input
+  end
+
+end