diff options
Diffstat (limited to 'test/unit_tests/security_tests/ut_load_security_update_whitelist.cpp')
-rw-r--r-- | test/unit_tests/security_tests/ut_load_security_update_whitelist.cpp | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/test/unit_tests/security_tests/ut_load_security_update_whitelist.cpp b/test/unit_tests/security_tests/ut_load_security_update_whitelist.cpp new file mode 100644 index 0000000..5fcd5da --- /dev/null +++ b/test/unit_tests/security_tests/ut_load_security_update_whitelist.cpp @@ -0,0 +1,218 @@ +// Copyright (C) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +#include <memory> +#include <gtest/gtest.h> +#include "../../common/utility.hpp" + +namespace { +std::string configuration_file { "/vsomeip/0_0/vsomeip_security.json" }; +vsomeip_v3::service_t valid_service_id = 0xf91f; +vsomeip_v3::service_t invalid_service_id = 0xf923; +vsomeip_v3::uid_t valid_uid = 4017205; +vsomeip_v3::uid_t invalid_uid = 111111; +} + +// Since this set of tests check a private method, there is the need to indirectly change the +// parameters used by load_security_update_whitelist, and check its changes using other methods. +// The is_policy_removal_allowed method checks if a selected uid is present in the whitelist. +// The is_policy_update_allowed method checks if a selected service_id is present in the whitelist. + +TEST(load_security_update_whitelist, check_uids) +{ + // LOADED POLICY W/O UIDS ON SECURITY WHITELIST ---------------------------------------------// + std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl); + + // Force load of some policies. + std::set<std::string> its_failed; + std::vector<vsomeip_v3::configuration_element> policy_elements; + std::set<std::string> input { utility::get_policies_path() + configuration_file }; + utility::read_data(input, policy_elements, its_failed); + + // Check if the load worked. + ASSERT_EQ(its_failed.size(), 0); + + std::vector<vsomeip_v3::service_t> services; + utility::get_policy_services(policy_elements.at(0), services); + + // Add a security whitelist with an empty list of user uids. + std::vector<vsomeip_v3::uid_t> user_ids; + utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true); + + // Using load function to indirectly call load_security_update_whitelist. + security->load(policy_elements.at(0)); + + // Check that the valid and invalid uids are not present in the whitelist by calling a method + // that verifies that condition. + ASSERT_FALSE(security->is_policy_removal_allowed(valid_uid)) + << "The whitelist unexpectedly holds a valid uid"; + + ASSERT_FALSE(security->is_policy_removal_allowed(invalid_uid)) + << "The whitelist unexpectedly holds an invalid uid"; + + // LOADED POLICY WITH UIDS ON SECURITY WHITELIST ---------------------------------------------// + utility::get_policy_uids(policy_elements.at(0), user_ids); + + // Add a security whitelist with list of user uids loaded. + utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true); + + // Using load function to indirectly call load_security_update_whitelist. + security->load(policy_elements.at(0)); + + // Check that the valid and invalid uids are not present in the whitelist by calling a method + // that verifies that condition. + ASSERT_TRUE(security->is_policy_removal_allowed(valid_uid)) + << "The whitelist expected to hold a valid uid"; + + ASSERT_FALSE(security->is_policy_removal_allowed(invalid_uid)) + << "The whitelist unexpectedly holds an invalid uid"; +} + +TEST(load_security_update_whitelist, check_service_ids) +{ + // LOADED POLICY W/O SERVICE IDS ON SECURITY WHITELIST -------------------------------------// + std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl); + + // Force load of some policies. + std::set<std::string> its_failed; + std::vector<vsomeip_v3::configuration_element> policy_elements; + std::set<std::string> input { utility::get_policies_path() + configuration_file }; + utility::read_data(input, policy_elements, its_failed); + + // Check if the load worked. + ASSERT_EQ(its_failed.size(), 0); + + std::vector<vsomeip_v3::uid_t> user_ids; + utility::get_policy_uids(policy_elements.at(0), user_ids); + + // Add a security whitelist with an empty list of service ids. + std::vector<vsomeip_v3::service_t> services; + utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true); + + // Using load function to indirectly call load_security_update_whitelist. + security->load(policy_elements.at(0)); + + std::shared_ptr<vsomeip::policy> policy(std::make_shared<vsomeip::policy>()); + + vsomeip::service_t its_service(valid_service_id); + vsomeip::service_t its_invalid_service(invalid_service_id); + + boost::icl::discrete_interval<vsomeip::instance_t> its_instances(0x1, 0x2); + boost::icl::interval_set<vsomeip::method_t> its_methods; + its_methods.insert(boost::icl::interval<vsomeip::method_t>::closed(0x01, 0x2)); + boost::icl::interval_map<vsomeip::instance_t, boost::icl::interval_set<vsomeip::method_t>> + its_instances_methods; + its_instances_methods += std::make_pair(its_instances, its_methods); + + // Add a valid request to the policy + policy->requests_ += + std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>( + its_service, its_service, boost::icl::interval_bounds::closed()), + its_instances_methods); + + // Check its presence using the is_policy_update_allowed method. + ASSERT_FALSE(security->is_policy_update_allowed(valid_uid, policy)) + << "The whitelist unexpectedly holds a valid service_id"; + + // Add an invalid request to the policy + policy->requests_ += std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>( + its_invalid_service, its_invalid_service, + boost::icl::interval_bounds::closed()), + its_instances_methods); + + // Check its presence using the is_policy_update_allowed method. + ASSERT_FALSE(security->is_policy_update_allowed(valid_uid, policy)) + << "The whitelist unexpectedly holds an invalid service_id"; + + // LOADED POLICY WITH SERVICE IDS ON SECURITY WHITELIST --------------------------------------// + utility::get_policy_services(policy_elements.at(0), services); + utility::add_security_whitelist(policy_elements.at(0), user_ids, services, true); + + security->load(policy_elements.at(0)); + + // Reset the policies pointer to add a correct serviceid and an incorrect one. + policy->requests_.clear(); + + // Add a valid request to the policy. + policy->requests_ += + std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>( + its_service, its_service, boost::icl::interval_bounds::closed()), + its_instances_methods); + + // Check its presence using the is_policy_update_allowed method. + ASSERT_TRUE(security->is_policy_update_allowed(valid_uid, policy)) + << "The whitelist expected to hold a valid service_id"; + + // Add an invalid request to the policy. + policy->requests_ += std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>( + its_invalid_service, its_invalid_service, + boost::icl::interval_bounds::closed()), + its_instances_methods); + + // Check its presence using the is_policy_update_allowed method. + ASSERT_FALSE(security->is_policy_update_allowed(invalid_uid, policy)) + << "The whitelist unexpectedly holds an invalid service_id"; +} + +TEST(load_security_update_whitelist, check_whitelist_disabled) +{ + std::unique_ptr<vsomeip_v3::policy_manager_impl> security(new vsomeip_v3::policy_manager_impl); + + // Force load of some policies. + std::set<std::string> its_failed; + std::vector<vsomeip_v3::configuration_element> policy_elements; + std::set<std::string> input { utility::get_policies_path() + configuration_file }; + utility::read_data(input, policy_elements, its_failed); + + // Check if the load worked. + ASSERT_EQ(its_failed.size(), 0); + + std::vector<vsomeip_v3::uid_t> user_ids; + utility::get_policy_uids(policy_elements.at(0), user_ids); + + std::vector<vsomeip_v3::service_t> services; + utility::get_policy_services(policy_elements.at(0), services); + + // Add a security whitelist with check_whitelist disabled. + utility::add_security_whitelist(policy_elements.at(0), user_ids, services, false); + + security->load(policy_elements.at(0)); + + std::shared_ptr<vsomeip::policy> policy(std::make_shared<vsomeip::policy>()); + + vsomeip::service_t its_service(valid_service_id); + vsomeip::service_t its_invalid_service(invalid_service_id); + + boost::icl::discrete_interval<vsomeip::instance_t> its_instances(0x1, 0x2); + boost::icl::interval_set<vsomeip::method_t> its_methods; + its_methods.insert(boost::icl::interval<vsomeip::method_t>::closed(0x01, 0x2)); + boost::icl::interval_map<vsomeip::instance_t, boost::icl::interval_set<vsomeip::method_t>> + its_instances_methods; + its_instances_methods += std::make_pair(its_instances, its_methods); + + // Add a valid request to the policy. + policy->requests_ += + std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>( + its_service, its_service, boost::icl::interval_bounds::closed()), + its_instances_methods); + + ASSERT_TRUE(security->is_policy_removal_allowed(valid_uid)) + << "The whitelist is disabled, a valid uid should be allowed to be removed"; + + ASSERT_TRUE(security->is_policy_removal_allowed(invalid_uid)) + << "The whitelist is disabled, an invalid uid should be allowed to be removed"; + + ASSERT_TRUE(security->is_policy_update_allowed(valid_uid, policy)) + << "The whitelist is disabled, a valid service_id should be allowed to be updated"; + + // Add an invalid request to the policy. + policy->requests_ += std::make_pair(boost::icl::discrete_interval<vsomeip::service_t>( + its_invalid_service, its_invalid_service, + boost::icl::interval_bounds::closed()), + its_instances_methods); + + ASSERT_TRUE(security->is_policy_update_allowed(valid_uid, policy)) + << "The whitelist is disabled, a valid service_id should be allowed to be updated"; +} |