qt: Check arguments passed to the revoke key job

* lang/qt/src/qgpgmerevokekeyjob.cpp (check_arguments): New.
(QGpgMERevokeKeyJob::start, QGpgMERevokeKeyJob::exec): Call
check_arguments.
* lang/qt/tests/t-revokekey.cpp (RevokeKeyJobTest): Add member functions
testErrorHandling_nullKey, testErrorHandling_invalidReason,
testErrorHandling_invalidDescription.
--

Check that the key is not a null key, that the reason has a valid
value, and that the description lines do not contain endline characters
and are not empty.

GnuPG-bug-id: 5904
This commit is contained in:
Ingo Klöcker 2022-03-30 12:25:53 +02:00
parent 3856ae8621
commit 7f089165e3
2 changed files with 98 additions and 5 deletions

View File

@ -46,6 +46,8 @@
#include <gpg-error.h> #include <gpg-error.h>
#include "qgpgme_debug.h"
using namespace QGpgME; using namespace QGpgME;
using namespace GpgME; using namespace GpgME;
@ -57,6 +59,29 @@ QGpgMERevokeKeyJob::QGpgMERevokeKeyJob(Context *context)
QGpgMERevokeKeyJob::~QGpgMERevokeKeyJob() = default; QGpgMERevokeKeyJob::~QGpgMERevokeKeyJob() = default;
static Error check_arguments(const Key &key,
RevocationReason reason,
const std::vector<std::string> &description)
{
if (key.isNull()) {
qWarning(QGPGME_LOG) << "Error: Key is null key";
return Error::fromCode(GPG_ERR_INV_ARG);
}
if (reason < RevocationReason::Unspecified || reason > RevocationReason::NoLongerUsed) {
qWarning(QGPGME_LOG) << "Error: Invalid revocation reason" << static_cast<int>(reason);
return Error::fromCode(GPG_ERR_INV_VALUE);
}
if (std::any_of(std::begin(description), std::end(description),
[](const std::string &line) {
return line.empty() || line.find('\n') != std::string::npos;
})) {
qWarning(QGPGME_LOG) << "Error: Revocation description contains empty lines or lines with endline characters";
return Error::fromCode(GPG_ERR_INV_VALUE);
}
return {};
}
static QGpgMERevokeKeyJob::result_type revoke_key(Context *ctx, const Key &key, static QGpgMERevokeKeyJob::result_type revoke_key(Context *ctx, const Key &key,
RevocationReason reason, RevocationReason reason,
const std::vector<std::string> &description) const std::vector<std::string> &description)
@ -80,17 +105,24 @@ Error QGpgMERevokeKeyJob::start(const GpgME::Key &key,
GpgME::RevocationReason reason, GpgME::RevocationReason reason,
const std::vector<std::string> &description) const std::vector<std::string> &description)
{ {
run(std::bind(&revoke_key, std::placeholders::_1, key, reason, description)); Error err = check_arguments(key, reason, description);
return {}; if (!err) {
run(std::bind(&revoke_key, std::placeholders::_1, key, reason, description));
}
return err;
} }
Error QGpgMERevokeKeyJob::exec(const GpgME::Key &key, Error QGpgMERevokeKeyJob::exec(const GpgME::Key &key,
GpgME::RevocationReason reason, GpgME::RevocationReason reason,
const std::vector<std::string> &description) const std::vector<std::string> &description)
{ {
const result_type r = revoke_key(context(), key, reason, description); Error err = check_arguments(key, reason, description);
resultHook(r); if (!err) {
return std::get<0>(r); const result_type r = revoke_key(context(), key, reason, description);
resultHook(r);
err = std::get<0>(r);
}
return err;
} }
#include "qgpgmerevokekeyjob.moc" #include "qgpgmerevokekeyjob.moc"

View File

@ -39,6 +39,7 @@
#include <revokekeyjob.h> #include <revokekeyjob.h>
#include <QProcess> #include <QProcess>
#include <QRegularExpression>
#include <QSignalSpy> #include <QSignalSpy>
#include <QTest> #include <QTest>
@ -196,6 +197,66 @@ private Q_SLOTS:
"0000 1111 2222 3333 4444 5555 6666 7777 8888 9999."}); "0000 1111 2222 3333 4444 5555 6666 7777 8888 9999."});
} }
void testErrorHandling_nullKey()
{
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Key is null key");
const auto result = job->exec(Key{});
QVERIFY(result.code() == GPG_ERR_INV_ARG);
}
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Key is null key");
const auto result = job->start(Key{});
QVERIFY(result.code() == GPG_ERR_INV_ARG);
}
}
void testErrorHandling_invalidReason()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, QRegularExpression{"^Error: Invalid revocation reason"});
const auto result = job->exec(key, static_cast<RevocationReason>(-1));
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, QRegularExpression{"^Error: Invalid revocation reason"});
const auto result = job->start(key, static_cast<RevocationReason>(4));
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
}
void testErrorHandling_invalidDescription()
{
// Get the key that shall be revoked
auto key = getTestKey("revoke-me@example.net");
QVERIFY(!key.isNull());
QVERIFY(!key.isRevoked());
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Revocation description contains empty lines or lines with endline characters");
const auto result = job->exec(key, RevocationReason::Unspecified,
{"line1", "", "line3"});
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
{
auto job = std::unique_ptr<RevokeKeyJob>{openpgp()->revokeKeyJob()};
QTest::ignoreMessage(QtWarningMsg, "Error: Revocation description contains empty lines or lines with endline characters");
const auto result = job->start(key, RevocationReason::Unspecified,
{"line1\nline2"});
QVERIFY(result.code() == GPG_ERR_INV_VALUE);
}
}
private: private:
Key getTestKey(const char *pattern) Key getTestKey(const char *pattern)
{ {