From 3b01d5205a3e30be9f228ed84f646da534080d63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Fri, 2 Feb 2018 00:40:01 +0100 Subject: [PATCH] [testsuite] Port all regression tests for github issues --- tests/bugfixes/github/test_CVE_2017_11336.py | 17 +++++++++++++++ tests/bugfixes/github/test_CVE_2017_11337.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11338.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11339.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11340.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11553.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11591.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11592.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_11683.py | 17 +++++++++++++++ tests/bugfixes/github/test_CVE_2017_12955.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_12956.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_12957.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_14858.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_14859.py | 20 +++++++++++++++++ tests/bugfixes/github/test_CVE_2017_14861.py | 19 ++++++++++++++++ tests/bugfixes/github/test_CVE_2017_14862.py | 23 ++++++++++++++++++++ tests/bugfixes/github/test_CVE_2017_14863.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_14864.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_14865.py | 17 +++++++++++++++ tests/bugfixes/github/test_CVE_2017_14866.py | 16 ++++++++++++++ tests/bugfixes/github/test_CVE_2017_17725.py | 17 +++++++++++++++ tests/bugfixes/github/test_CVE_2017_9953.py | 16 ++++++++++++++ tests/bugfixes/github/test_issue_159.py | 23 ++++++++++++++++++++ tests/bugfixes/github/test_issue_170.py | 4 ++-- tests/bugfixes/github/test_issue_45.py | 18 +++++++++++++++ tests/suite.conf | 1 + 26 files changed, 414 insertions(+), 2 deletions(-) create mode 100644 tests/bugfixes/github/test_CVE_2017_11336.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11337.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11338.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11339.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11340.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11553.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11591.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11592.py create mode 100644 tests/bugfixes/github/test_CVE_2017_11683.py create mode 100644 tests/bugfixes/github/test_CVE_2017_12955.py create mode 100644 tests/bugfixes/github/test_CVE_2017_12956.py create mode 100644 tests/bugfixes/github/test_CVE_2017_12957.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14858.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14859.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14861.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14862.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14863.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14864.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14865.py create mode 100644 tests/bugfixes/github/test_CVE_2017_14866.py create mode 100644 tests/bugfixes/github/test_CVE_2017_17725.py create mode 100644 tests/bugfixes/github/test_CVE_2017_9953.py create mode 100644 tests/bugfixes/github/test_issue_159.py create mode 100644 tests/bugfixes/github/test_issue_45.py diff --git a/tests/bugfixes/github/test_CVE_2017_11336.py b/tests/bugfixes/github/test_CVE_2017_11336.py new file mode 100644 index 00000000..95741a36 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11336.py @@ -0,0 +1,17 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/49" + + filename = "{data_path}/POC2" + commands = ["{exiv2} " + filename] + retval = [1] + stdout = [""] + stderr = [ + """{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] diff --git a/tests/bugfixes/github/test_CVE_2017_11337.py b/tests/bugfixes/github/test_CVE_2017_11337.py new file mode 100644 index 00000000..c2ebeac9 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11337.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/50" + + filename = "{data_path}/POC3" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11338.py b/tests/bugfixes/github/test_CVE_2017_11338.py new file mode 100644 index 00000000..74c852ff --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11338.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/51" + + filename = "{data_path}/POC4" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11339.py b/tests/bugfixes/github/test_CVE_2017_11339.py new file mode 100644 index 00000000..257619b0 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11339.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/52" + + filename = "{data_path}/POC5" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11340.py b/tests/bugfixes/github/test_CVE_2017_11340.py new file mode 100644 index 00000000..2b289c77 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11340.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/53" + + filename = "{data_path}/POC6" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11553.py b/tests/bugfixes/github/test_CVE_2017_11553.py new file mode 100644 index 00000000..f57d85e8 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11553.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/54" + + filename = "{data_path}/POC7" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11591.py b/tests/bugfixes/github/test_CVE_2017_11591.py new file mode 100644 index 00000000..772c5240 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11591.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/55" + + filename = "{data_path}/POC8" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11592.py b/tests/bugfixes/github/test_CVE_2017_11592.py new file mode 100644 index 00000000..233d38ea --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11592.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/56" + + filename = "{data_path}/POC9" + commands = ["{exiv2} " + filename] + stdout = [""""""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_11683.py b/tests/bugfixes/github/test_CVE_2017_11683.py new file mode 100644 index 00000000..fac4a5ec --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_11683.py @@ -0,0 +1,17 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/57" + + filename = "{data_path}/POC" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{kerInvalidTypeValue}: 0 +{exiv2_exception_message} """ + filename + """: +{kerInvalidTypeValue} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_12955.py b/tests/bugfixes/github/test_CVE_2017_12955.py new file mode 100644 index 00000000..5b40d148 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_12955.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/58" + + filename = "{data_path}/POC11" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_12956.py b/tests/bugfixes/github/test_CVE_2017_12956.py new file mode 100644 index 00000000..74f73d65 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_12956.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/59" + + filename = "{data_path}/POC12" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_12957.py b/tests/bugfixes/github/test_CVE_2017_12957.py new file mode 100644 index 00000000..acaaa07c --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_12957.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/60" + + filename = "{data_path}/POC13" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_14858.py b/tests/bugfixes/github/test_CVE_2017_14858.py new file mode 100644 index 00000000..bada8574 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14858.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/138" + + filename = "{data_path}/007-heap-buffer-over" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_14859.py b/tests/bugfixes/github/test_CVE_2017_14859.py new file mode 100644 index 00000000..a156895a --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14859.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/74" + + filename = "{data_path}/005-invalid-mem" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerCorruptedMetadata} +"""] + retval = [1] + + def compare_stderr(self, i, command, got_stderr, expected_stderr): + """ Only check that an exception is thrown """ + self.assertIn(expected_stderr, got_stderr) diff --git a/tests/bugfixes/github/test_CVE_2017_14861.py b/tests/bugfixes/github/test_CVE_2017_14861.py new file mode 100644 index 00000000..432a0a17 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14861.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = [ + "https://github.com/Exiv2/exiv2/issues/139", + "https://bugzilla.redhat.com/show_bug.cgi?id=1494787" + ] + + filename = "{data_path}/009-stack-over" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_14862.py b/tests/bugfixes/github/test_CVE_2017_14862.py new file mode 100644 index 00000000..b915c348 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14862.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/75" + + filename = "{data_path}/008-invalid-mem" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerCorruptedMetadata} +"""] + retval = [1] + + def compare_stderr(self, i, command, got_stderr, expected_stderr): + """ + Only check that an exception is thrown for this file + ignore all the warnings on stderr on purpose. + """ + self.assertIn(expected_stderr, got_stderr) diff --git a/tests/bugfixes/github/test_CVE_2017_14863.py b/tests/bugfixes/github/test_CVE_2017_14863.py new file mode 100644 index 00000000..4cba3a92 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14863.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/132" + + filename = "{data_path}/01-Null-exiv2-poc" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_14864.py b/tests/bugfixes/github/test_CVE_2017_14864.py new file mode 100644 index 00000000..26a46273 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14864.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/73" + + filename = "{data_path}/02-Invalid-mem-def" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerCorruptedMetadata} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_14865.py b/tests/bugfixes/github/test_CVE_2017_14865.py new file mode 100644 index 00000000..e0f4da61 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14865.py @@ -0,0 +1,17 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/134" + + filename = "{data_path}/004-heap-buffer-over" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{kerInvalidTypeValue}: 250 +{exiv2_exception_message} """ + filename + """: +{kerInvalidTypeValue} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_14866.py b/tests/bugfixes/github/test_CVE_2017_14866.py new file mode 100644 index 00000000..659aa617 --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_14866.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/140" + + filename = "{data_path}/006-heap-buffer-over" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_17725.py b/tests/bugfixes/github/test_CVE_2017_17725.py new file mode 100644 index 00000000..da8f48de --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_17725.py @@ -0,0 +1,17 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/188" + found_by = ["Wei You", "@youwei1988"] + + filename = "{data_path}/poc_2017-12-12_issue188" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_overflow_exception_message} """ + filename + """: +{addition_overflow_message} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_CVE_2017_9953.py b/tests/bugfixes/github/test_CVE_2017_9953.py new file mode 100644 index 00000000..79070b6e --- /dev/null +++ b/tests/bugfixes/github/test_CVE_2017_9953.py @@ -0,0 +1,16 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestCvePoC(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/144" + + filename = "{data_path}/POC1" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerInvalidMalloc} +"""] + retval = [1] diff --git a/tests/bugfixes/github/test_issue_159.py b/tests/bugfixes/github/test_issue_159.py new file mode 100644 index 00000000..be4bf998 --- /dev/null +++ b/tests/bugfixes/github/test_issue_159.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class TestFirstPoC(system_tests.Case): + """ + Regression test for the first bug described in: + https://github.com/Exiv2/exiv2/issues/159 + """ + url = "https://github.com/Exiv2/exiv2/issues/159" + + filename = "{data_path}/printStructure" + commands = ["{exiv2} " + filename] + stdout = [""] + stderr = ["""{exiv2_exception_message} """ + filename + """: +{kerCorruptedMetadata} +"""] + retval = [1] + + +# todo: +# class TestSecondPoC(system_tests.Case): diff --git a/tests/bugfixes/github/test_issue_170.py b/tests/bugfixes/github/test_issue_170.py index 8fd8d7af..a67e8a4b 100644 --- a/tests/bugfixes/github/test_issue_170.py +++ b/tests/bugfixes/github/test_issue_170.py @@ -3,7 +3,7 @@ import system_tests -class decodeIHDRChunkOutOfBoundsRead(system_tests.Case): +class DecodeIHDRChunkOutOfBoundsRead(system_tests.Case): url = "https://github.com/Exiv2/exiv2/issues/170" @@ -11,7 +11,7 @@ class decodeIHDRChunkOutOfBoundsRead(system_tests.Case): commands = ["{exiv2} " + filename] stdout = [""] - stderr = ["""{exiv2_exception_msg} """ + filename + """: + stderr = ["""{exiv2_exception_message} """ + filename + """: {kerFailedToReadImageData} """] retval = [1] diff --git a/tests/bugfixes/github/test_issue_45.py b/tests/bugfixes/github/test_issue_45.py new file mode 100644 index 00000000..216a81b0 --- /dev/null +++ b/tests/bugfixes/github/test_issue_45.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- + +import system_tests + + +class Sigma24_105mmRecognization(system_tests.Case): + + url = "https://github.com/Exiv2/exiv2/issues/45" + + filename = "{data_path}/exiv2-g45.exv" + commands = ["{exiv2} -pa --grep lens/i " + filename] + stdout = ["""Exif.CanonCs.LensType Short 1 Sigma 24-105mm F4 DG OS HSM [Art 013] +Exif.CanonCs.Lens Short 3 24.0 - 105.0 mm +Exif.CanonCf.LensAFStopButton Short 1 0 +Exif.Canon.LensModel Ascii 74 24-105mm F4 DG OS HSM | Art 013 +"""] + stderr = [""] + retval = [0] diff --git a/tests/suite.conf b/tests/suite.conf index 7d2b5073..a1795c00 100644 --- a/tests/suite.conf +++ b/tests/suite.conf @@ -18,6 +18,7 @@ tiff-test: ${ENV:exiv2_path}/tiff-test${ENV:binary_extension} kerFailedToReadImageData: Failed to read image data kerCorruptedMetadata: corrupted image metadata kerInvalidMalloc: invalid memory allocation request +kerInvalidTypeValue: invalid type value detected in Image::printIFDStructure addition_overflow_message: Overflow in addition exiv2_exception_message: Exiv2 exception in print action for file exiv2_overflow_exception_message: std::overflow_error exception in print action for file