[git] GPGME - branch, javascript-binding, updated. gpgme-1.11.1-86-g68a012d

by Maximilian Krambach cvs at cvs.gnupg.org
Wed Aug 1 12:53:08 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, javascript-binding has been updated
       via  68a012deb3b501d7417778be12c88bd475a37cb5 (commit)
      from  6313a2de9ee84a9321292f775e4d6c790486d3dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 68a012deb3b501d7417778be12c88bd475a37cb5
Author: Maximilian Krambach <maximilian.krambach at intevation.de>
Date:   Wed Aug 1 12:51:12 2018 +0200

    js: make init export immutable
    
    --
    
    * src/index.js: The export now uses a freezed Object, which does not
      allow for simply overwriting the init method by e.g. a third-party
      library.
    * BrowsertestExtension: Added some tests trying if decryption of bad
      data properly fails

diff --git a/lang/js/BrowserTestExtension/browsertest.html b/lang/js/BrowserTestExtension/browsertest.html
index de8cd41..a20cfe1 100644
--- a/lang/js/BrowserTestExtension/browsertest.html
+++ b/lang/js/BrowserTestExtension/browsertest.html
@@ -19,6 +19,7 @@
     <script src="tests/encryptDecryptTest.js"></script>
     <script src="tests/signTest.js"></script>
     <script src="tests/verifyTest.js"></script>
+    <script src="tests/decryptTest.js"></script>
     <script src="tests/KeyImportExport.js"></script>
 <!-- run tests -->
     <script src="runbrowsertest.js"></script>
diff --git a/lang/js/BrowserTestExtension/tests/decryptTest.js b/lang/js/BrowserTestExtension/tests/decryptTest.js
new file mode 100644
index 0000000..c6b3a3c
--- /dev/null
+++ b/lang/js/BrowserTestExtension/tests/decryptTest.js
@@ -0,0 +1,62 @@
+/* gpgme.js - Javascript integration for gpgme
+ * Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
+ *
+ * This file is part of GPGME.
+ *
+ * GPGME is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * GPGME is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: LGPL-2.1+
+ *
+ * Author(s):
+ *     Maximilian Krambach <mkrambach at intevation.de>
+ */
+
+/* global describe, it, before, expect, Gpgmejs */
+/* global bigString, inputvalues, sabotageMsg*/
+
+describe('Decryption', function () {
+    let context = null;
+    const good_fpr = inputvalues.encrypt.good.fingerprint;
+
+    before(function(done){
+        const prm = Gpgmejs.init();
+        prm.then(function(gpgmejs){
+            context = gpgmejs;
+            done();
+        });
+    });
+
+    it('Decryption of random string fails', function (done) {
+        let data = bigString(20 * 1024);
+        context.decrypt(data).then(
+            function(){},
+            function(error){
+                expect(error).to.be.an('error');
+                expect(error.code).to.equal('GNUPG_ERROR');
+                done();
+            });
+    });
+
+    it('Decryption of slightly corrupted message fails', function (done) {
+        const data = bigString(10000);
+        context.encrypt(data, good_fpr).then(function(enc){
+            context.decrypt(sabotageMsg(enc.data)).then(
+                function(){},
+                function(error){
+                    expect(error).to.be.an('error');
+                    expect(error.code).to.equal('GNUPG_ERROR');
+                    done();
+                });
+        });
+    }).timeout(5000);
+});
\ No newline at end of file
diff --git a/lang/js/BrowserTestExtension/tests/inputvalues.js b/lang/js/BrowserTestExtension/tests/inputvalues.js
index 9d956b6..1e8f154 100644
--- a/lang/js/BrowserTestExtension/tests/inputvalues.js
+++ b/lang/js/BrowserTestExtension/tests/inputvalues.js
@@ -248,3 +248,39 @@ const ImportablePublicKey = {// eslint-disable-line no-unused-vars
     '=9WZ7\n' +
     '-----END PGP PUBLIC KEY BLOCK-----\n'
 };
+
+/**
+ * Changes base64 encoded gpg messages
+ * @param {String} msg input message
+ * @param {Number} rate of changes as percentage of message length.
+ * @param {[Number, Number]} p begin and end of the message left untouched (to
+ * preserve) header/footer
+ */
+// eslint-disable-next-line no-unused-vars
+function sabotageMsg(msg, rate = 0.01, p= [35,35]){
+    const iterations = Math.floor(Math.random() * msg.length * rate) + 1;
+    const base64_set =
+        'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/';
+    for (let i=0; i < iterations; i++){
+        let str0, str1, str2;
+        const chosePosition = function(){
+            let position =
+                Math.floor( Math.random() * (msg.length - p[0] + p[1]))
+                + p[0];
+            str1 = msg.substring(position,position+1);
+            if (str1 === '\n'){
+                chosePosition();
+            } else {
+                str0 = msg.substring(0,position);
+                str2 = msg.substring(position +1);
+            }
+        };
+        chosePosition();
+        let new1 = function(){
+            let n = base64_set[Math.floor(Math.random() * 64)];
+            return (n === str1) ? new1() : n;
+        };
+        msg = str0.concat(new1()).concat(str2);
+    }
+    return msg;
+}
diff --git a/lang/js/src/index.js b/lang/js/src/index.js
index 2fed95f..51f0753 100644
--- a/lang/js/src/index.js
+++ b/lang/js/src/index.js
@@ -34,7 +34,7 @@ import { Connection } from './Connection';
  */
 function init(){
     return new Promise(function(resolve, reject){
-        let connection = Object.freeze(new Connection);
+        const connection = Object.freeze(new Connection);
         connection.checkConnection(false).then(
             function(result){
                 if (result === true) {
@@ -48,6 +48,5 @@ function init(){
     });
 }
 
-export default {
-    init: init
-};
\ No newline at end of file
+const exportvalue = Object.freeze({init:init});
+export default exportvalue;
\ No newline at end of file

-----------------------------------------------------------------------

Summary of changes:
 lang/js/BrowserTestExtension/browsertest.html      |  1 +
 .../tests/{longRunningTests.js => decryptTest.js}  | 46 ++++++++++++----------
 lang/js/BrowserTestExtension/tests/inputvalues.js  | 36 +++++++++++++++++
 lang/js/src/index.js                               |  7 ++--
 4 files changed, 66 insertions(+), 24 deletions(-)
 copy lang/js/BrowserTestExtension/tests/{longRunningTests.js => decryptTest.js} (59%)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org

More information about the Gnupg-commits mailing list