Increase test coverage (#144)

Work towards 100% code coverage in unit tests, fix segfaults encountered

Author: hoefling

.travis.yml

@@ -40,7 +40,7 @@ install:
 - pip list
 script: coverage run -m pytest -v tests --color=yes
 after_success:
-- lcov --capture --directory . --output-file coverage.info
+- lcov --capture --no-external --directory . --output-file coverage.info
 - lcov --list coverage.info
 - bash <(curl -s https://codecov.io/bash) -f coverage.info
 before_deploy:

src/ds.c

@@ -87,11 +87,21 @@ static int PyXmlSec_SignatureContextKeySet(PyObject* self, PyObject* value, void
     PyXmlSec_Key* key;
 
     PYXMLSEC_DEBUGF("%p, %p", self, value);
+
+    if (value == NULL) {  // key deletion
+        if (ctx->handle->signKey != NULL) {
+            xmlSecKeyDestroy(ctx->handle->signKey);
+            ctx->handle->signKey = NULL;
+        }
+        return 0;
+    }
+
     if (!PyObject_IsInstance(value, (PyObject*)PyXmlSec_KeyType)) {
         PyErr_SetString(PyExc_TypeError, "instance of *xmlsec.Key* expected.");
         return -1;
     }
     key = (PyXmlSec_Key*)value;
+
     if (key->handle == NULL) {
         PyErr_SetString(PyExc_TypeError, "empty key.");
         return -1;
@@ -252,6 +262,7 @@ static int PyXmlSec_ProcessSignBinary(PyXmlSec_SignatureContext* ctx, const xmlS
 
     if (ctx->handle->signKey == NULL) {
         PyErr_SetString(PyXmlSec_Error, "Sign key is not specified.");
+        return -1;
     }
 
     if (ctx->handle->signMethod != NULL) {

src/enc.c

@@ -90,6 +90,15 @@ static int PyXmlSec_EncryptionContextKeySet(PyObject* self, PyObject* value, voi
     PyXmlSec_Key* key;
 
     PYXMLSEC_DEBUGF("%p, %p", self, value);
+
+    if (value == NULL) {  // key deletion
+        if (ctx->handle->encKey != NULL) {
+            xmlSecKeyDestroy(ctx->handle->encKey);
+            ctx->handle->encKey = NULL;
+        }
+        return 0;
+    }
+
     if (!PyObject_IsInstance(value, (PyObject*)PyXmlSec_KeyType)) {
         PyErr_SetString(PyExc_TypeError, "instance of *xmlsec.Key* expected.");
         return -1;
@@ -224,7 +233,7 @@ static PyObject* PyXmlSec_EncryptionContextEncryptXml(PyObject* self, PyObject*
     }
     tmpType = xmlGetProp(template->_c_node, XSTR("Type"));
     if (tmpType == NULL || !(xmlStrEqual(tmpType, xmlSecTypeEncElement) || xmlStrEqual(tmpType, xmlSecTypeEncContent))) {
-        PyErr_SetString(PyXmlSec_Error, "unsupported `Type`, it should be `element` or `content`)");
+        PyErr_SetString(PyXmlSec_Error, "unsupported `Type`, it should be `element` or `content`");
         goto ON_FAIL;
     }
 

src/keys.c

@@ -452,10 +452,21 @@ static int PyXmlSec_KeyNameSet(PyObject* self, PyObject* value, void* closure) {
         return -1;
     }
 
+    if (value == NULL) {
+        if (xmlSecKeySetName(key->handle, value) < 0) {
+            PyXmlSec_SetLastError("cannot delete name");
+            return -1;
+        }
+        return 0;
+    }
+
     name = PyString_AsString(value);
     if (name == NULL) return -1;
 
-    xmlSecKeySetName(key->handle, XSTR(name));
+    if (xmlSecKeySetName(key->handle, XSTR(name)) < 0) {
+        PyXmlSec_SetLastError("cannot set name");
+        return -1;
+    }
     return 0;
 }
 

tests/base.py

@@ -7,6 +7,9 @@
 
 import unittest
 
+if sys.version_info < (3, ):
+    unittest.TestCase.assertRaisesRegex = unittest.TestCase.assertRaisesRegexp
+
 
 etype = type(etree.Element("test"))
 

tests/conftest.py

@@ -0,0 +1,10 @@
+def pytest_collection_modifyitems(items):
+    """
+    Put the module init test first to implicitly check whether
+    any subsequent test fails because of module reinitialization.
+    """
+
+    def module_init_tests_first(item):
+        return int('test_xmlsec.py::TestModule::test_reinitialize_module' not in item.nodeid)
+
+    items.sort(key=module_init_tests_first)

tests/test_ds.py

@@ -1,7 +1,5 @@
-from tests import base
-
 import xmlsec
-
+from tests import base
 
 consts = xmlsec.constants
 
@@ -11,18 +9,69 @@ def test_init(self):
         ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
         del ctx
 
-    def test_key(self):
+    def test_init_no_keys_manager(self):
+        ctx = xmlsec.SignatureContext()
+        del ctx
+
+    def test_init_bad_args(self):
+        with self.assertRaisesRegex(TypeError, 'KeysManager required'):
+            xmlsec.SignatureContext(manager='foo')
+
+    def test_no_key(self):
         ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
         self.assertIsNone(ctx.key)
+
+    def test_del_key(self):
+        ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        del ctx.key
+        self.assertIsNone(ctx.key)
+
+    def test_set_key(self):
+        ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
         ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
         self.assertIsNotNone(ctx.key)
 
+    def test_set_key_bad_type(self):
+        ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
+        with self.assertRaisesRegex(TypeError, r'instance of \*xmlsec.Key\* expected.'):
+            ctx.key = ''
+
+    def test_set_invalid_key(self):
+        ctx = xmlsec.SignatureContext(manager=xmlsec.KeysManager())
+        with self.assertRaisesRegex(TypeError, 'empty key.'):
+            ctx.key = xmlsec.Key()
+
     def test_register_id(self):
         ctx = xmlsec.SignatureContext()
         root = self.load_xml("sign_template.xml")
         sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, "Id")
         ctx.register_id(sign, "Id")
 
+    def test_register_id_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        with self.assertRaises(TypeError):
+            ctx.register_id('')
+
+    def test_register_id_with_namespace_without_attribute(self):
+        ctx = xmlsec.SignatureContext()
+        root = self.load_xml("sign_template.xml")
+        sign = xmlsec.template.create(root, consts.TransformExclC14N, consts.TransformRsaSha1, "Id")
+        with self.assertRaisesRegex(xmlsec.Error, 'missing attribute.'):
+            ctx.register_id(sign, "Id", id_ns='foo')
+
+    def test_sign_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        with self.assertRaises(TypeError):
+            ctx.sign('')
+
+    def test_sign_fail(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        with self.assertRaisesRegex(xmlsec.InternalError, 'failed to sign'):
+            ctx.sign(self.load_xml('sign1-in.xml'))
+
     def test_sign_case1(self):
         """Should sign a pre-constructed template file using a key from a PEM file."""
         root = self.load_xml("sign1-in.xml")
@@ -134,6 +183,23 @@ def test_sign_case5(self):
         ctx.sign(sign)
         self.assertEqual(self.load_xml("sign5-out.xml"), root)
 
+    def test_sign_binary_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        with self.assertRaises(TypeError):
+            ctx.sign_binary(bytes=1, transform='')
+
+    def test_sign_binary_no_key(self):
+        ctx = xmlsec.SignatureContext()
+        with self.assertRaisesRegex(xmlsec.Error, 'Sign key is not specified.'):
+            ctx.sign_binary(bytes=b'', transform=consts.TransformRsaSha1)
+
+    def test_sign_binary_invalid_signature_method(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        with self.assertRaisesRegex(xmlsec.Error, 'incompatible signature method'):
+            ctx.sign_binary(bytes=b'', transform=consts.TransformXslt)
+
     def test_sign_binary(self):
         ctx = xmlsec.SignatureContext()
         ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
@@ -144,6 +210,26 @@ def test_sign_binary(self):
         sign = ctx.sign_binary(self.load("sign6-in.bin"), consts.TransformRsaSha1)
         self.assertEqual(self.load("sign6-out.bin"), sign)
 
+    def test_sign_binary_twice_not_possible(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        data = self.load('sign6-in.bin')
+        ctx.sign_binary(data, consts.TransformRsaSha1)
+        with self.assertRaisesRegex(xmlsec.Error, 'Signature context already used; it is designed for one use only.'):
+            ctx.sign_binary(data, consts.TransformRsaSha1)
+
+    def test_verify_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        with self.assertRaises(TypeError):
+            ctx.verify('')
+
+    def test_verify_fail(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        with self.assertRaisesRegex(xmlsec.InternalError, 'failed to verify'):
+            ctx.verify(self.load_xml('sign1-in.xml'))
+
     def test_verify_case_1(self):
         self.check_verify(1)
 
@@ -191,3 +277,55 @@ def test_validate_binary_sign_fail(self):
         self.assertEqual("rsakey.pem", ctx.key.name)
         with self.assertRaises(xmlsec.Error):
             ctx.verify_binary(self.load("sign6-in.bin"), consts.TransformRsaSha1, b"invalid")
+
+    def test_enable_reference_transform(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        ctx.enable_reference_transform(consts.TransformRsaSha1)
+
+    def test_enable_reference_transform_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
+        with self.assertRaises(TypeError):
+            ctx.enable_reference_transform('')
+        with self.assertRaises(TypeError):
+            ctx.enable_reference_transform(0)
+        with self.assertRaises(TypeError):
+            ctx.enable_reference_transform(consts.KeyDataAes)
+
+    def test_enable_signature_transform(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        ctx.enable_signature_transform(consts.TransformRsaSha1)
+
+    def test_enable_signature_transform_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
+        with self.assertRaises(TypeError):
+            ctx.enable_signature_transform('')
+        with self.assertRaises(TypeError):
+            ctx.enable_signature_transform(0)
+        with self.assertRaises(TypeError):
+            ctx.enable_signature_transform(consts.KeyDataAes)
+
+    def test_set_enabled_key_data(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        ctx.set_enabled_key_data([consts.KeyDataAes])
+
+    def test_set_enabled_key_data_empty(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path("rsakey.pem"), format=consts.KeyDataFormatPem)
+        ctx.set_enabled_key_data([])
+
+    def test_set_enabled_key_data_bad_args(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
+        with self.assertRaises(TypeError):
+            ctx.set_enabled_key_data(0)
+
+    def test_set_enabled_key_data_bad_list(self):
+        ctx = xmlsec.SignatureContext()
+        ctx.key = xmlsec.Key.from_file(self.path('rsakey.pem'), format=consts.KeyDataFormatPem)
+        with self.assertRaisesRegex(TypeError, 'expected list of KeyData constants.'):
+            ctx.set_enabled_key_data('foo')