js: make init export immutable

-- * src/index.js: The export now uses a freezed Object, which does not allow for simply overwriting the init method by e.g. a third-party library. * BrowsertestExtension: Added some tests trying if decryption of bad data properly fails
2018-08-01 12:51:12 +02:00 · 2018-08-01 12:51:12 +02:00 · 68a012deb3
commit 68a012deb3
parent 6313a2de9e
4 changed files with 102 additions and 4 deletions
--- a/lang/js/BrowserTestExtension/browsertest.html
+++ b/lang/js/BrowserTestExtension/browsertest.html
@ -19,6 +19,7 @@
    <script src="tests/encryptDecryptTest.js"></script>
    <script src="tests/signTest.js"></script>
    <script src="tests/verifyTest.js"></script>
+    <script src="tests/decryptTest.js"></script>
    <script src="tests/KeyImportExport.js"></script>
 <!-- run tests -->
    <script src="runbrowsertest.js"></script>
--- a/lang/js/BrowserTestExtension/tests/decryptTest.js
+++ b/lang/js/BrowserTestExtension/tests/decryptTest.js
@ -0,0 +1,62 @@
+/* gpgme.js - Javascript integration for gpgme
+ * Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
+ *
+ * This file is part of GPGME.
+ *
+ * GPGME is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * GPGME is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * SPDX-License-Identifier: LGPL-2.1+
+ *
+ * Author(s):
+ *     Maximilian Krambach <mkrambach@intevation.de>
+ */
+
+/* global describe, it, before, expect, Gpgmejs */
+/* global bigString, inputvalues, sabotageMsg*/
+
+describe('Decryption', function () {
+    let context = null;
+    const good_fpr = inputvalues.encrypt.good.fingerprint;
+
+    before(function(done){
+        const prm = Gpgmejs.init();
+        prm.then(function(gpgmejs){
+            context = gpgmejs;
+            done();
+        });
+    });
+
+    it('Decryption of random string fails', function (done) {
+        let data = bigString(20 * 1024);
+        context.decrypt(data).then(
+            function(){},
+            function(error){
+                expect(error).to.be.an('error');
+                expect(error.code).to.equal('GNUPG_ERROR');
+                done();
+            });
+    });
+
+    it('Decryption of slightly corrupted message fails', function (done) {
+        const data = bigString(10000);
+        context.encrypt(data, good_fpr).then(function(enc){
+            context.decrypt(sabotageMsg(enc.data)).then(
+                function(){},
+                function(error){
+                    expect(error).to.be.an('error');
+                    expect(error.code).to.equal('GNUPG_ERROR');
+                    done();
+                });
+        });
+    }).timeout(5000);
+});
--- a/lang/js/BrowserTestExtension/tests/inputvalues.js
+++ b/lang/js/BrowserTestExtension/tests/inputvalues.js
@ -248,3 +248,39 @@ const ImportablePublicKey = {// eslint-disable-line no-unused-vars
    '=9WZ7\n' +
    '-----END PGP PUBLIC KEY BLOCK-----\n'
 };
+
+/**
+ * Changes base64 encoded gpg messages
+ * @param {String} msg input message
+ * @param {Number} rate of changes as percentage of message length.
+ * @param {[Number, Number]} p begin and end of the message left untouched (to
+ * preserve) header/footer
+ */
+// eslint-disable-next-line no-unused-vars
+function sabotageMsg(msg, rate = 0.01, p= [35,35]){
+    const iterations = Math.floor(Math.random() * msg.length * rate) + 1;
+    const base64_set =
+        'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/';
+    for (let i=0; i < iterations; i++){
+        let str0, str1, str2;
+        const chosePosition = function(){
+            let position =
+                Math.floor( Math.random() * (msg.length - p[0] + p[1]))
+                + p[0];
+            str1 = msg.substring(position,position+1);
+            if (str1 === '\n'){
+                chosePosition();
+            } else {
+                str0 = msg.substring(0,position);
+                str2 = msg.substring(position +1);
+            }
+        };
+        chosePosition();
+        let new1 = function(){
+            let n = base64_set[Math.floor(Math.random() * 64)];
+            return (n === str1) ? new1() : n;
+        };
+        msg = str0.concat(new1()).concat(str2);
+    }
+    return msg;
+}
--- a/lang/js/src/index.js
+++ b/lang/js/src/index.js
@ -34,7 +34,7 @@ import { Connection } from './Connection';
 */
 function init(){
    return new Promise(function(resolve, reject){
-        let connection = Object.freeze(new Connection);
+        const connection = Object.freeze(new Connection);
        connection.checkConnection(false).then(
            function(result){
                if (result === true) {
@ -48,6 +48,5 @@ function init(){
    });
 }

-export default {
-    init: init
-};
+const exportvalue = Object.freeze({init:init});
+export default exportvalue;