From b3706148a6a94b775f9cdf5b2882de07d9e58d5b Mon Sep 17 00:00:00 2001 From: renbin Date: Wed, 21 Aug 2024 15:20:36 +0800 Subject: [PATCH] fix: update hierarchical verify code Update hierarchical verify code from 65280 to 256, both error codes are available. Log: Update hierarchical verify code. Bug: https://pms.uniontech.com/bug-view-269341.html --- .../utils/hierarchicalverify.cpp | 12 +++++++----- tests/src/utils/ut_hierarchicalverify.cpp | 19 ++++++++++++++++++- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/src/deb-installer/utils/hierarchicalverify.cpp b/src/deb-installer/utils/hierarchicalverify.cpp index a0c81090..4f06e3a7 100644 --- a/src/deb-installer/utils/hierarchicalverify.cpp +++ b/src/deb-installer/utils/hierarchicalverify.cpp @@ -25,13 +25,14 @@ const char DBUS_DEFENDER_SECURITYTOOLS[] = "securitytools"; const char DBUS_DEFENDER_APP_SAFETY[] = "application-safety"; // 匹配正则,%1为错误码 -const char VERIFY_ERROR_REGEXP[] = "(deepin)+[^\\n]*(hook)+[^\\n]*%1"; +const char VERIFY_ERROR_REGEXP[] = "(deepin)+[^\\n]*(hook)+[^\\n]*(%1|%2)\\b"; /** @brief dpkg校验错误码,当前仅验签错误 */ enum HierarchicalError { - VerifyError = 65280, ///< dpkg hook 签名校验错误码 + VerifyError = 65280, ///< dpkg hook 签名校验错误码 + VerffyErrorVer2 = 256, ///< dpkg hook 签名校验错误码 1071 及之后更新使用 }; /** @@ -43,9 +44,9 @@ enum HierarchicalError { 安装器接收输出信息并判断是否为验签错误。 */ -HierarchicalVerify::HierarchicalVerify() {} +HierarchicalVerify::HierarchicalVerify() { } -HierarchicalVerify::~HierarchicalVerify() {} +HierarchicalVerify::~HierarchicalVerify() { } /** @return 返回分级管控签名校验辅助类实例 @@ -84,10 +85,11 @@ bool HierarchicalVerify::isValid() @brief 检测软件包 \a pkgName 安装失败时的错误信息 \a errorString 中是否包含验签不通过的错误信息。 @warning 通过正则表达式匹配输出,当前通过 hook 标志和错误码 65280 匹配,需注意命令行输出信息更新未正常匹配的情况 + * 1071 更新错误码为 256 ,进行兼容处理 */ bool HierarchicalVerify::checkTransactionError(const QString &pkgName, const QString &errorString) { - static QRegExp s_ErrorReg(QString(VERIFY_ERROR_REGEXP).arg(VerifyError)); + static QRegExp s_ErrorReg(QString(VERIFY_ERROR_REGEXP).arg(VerifyError).arg(VerffyErrorVer2)); if (errorString.contains(s_ErrorReg)) { invalidPackages.insert(pkgName); qWarning() << QString("[Hierarchical] Package %1 detected hierarchical error!").arg(pkgName); diff --git a/tests/src/utils/ut_hierarchicalverify.cpp b/tests/src/utils/ut_hierarchicalverify.cpp index 2ad976ca..26fdf221 100644 --- a/tests/src/utils/ut_hierarchicalverify.cpp +++ b/tests/src/utils/ut_hierarchicalverify.cpp @@ -70,7 +70,14 @@ TEST_F(ut_HierarchicalVerify_TEST, checkTransactionError_TestRegExp_True) ASSERT_TRUE(hVerify->checkTransactionError("pkg2", "deepinhookhook65280")); ASSERT_TRUE(hVerify->checkTransactionError("pkg2", "Error:deepin hook exit code 65280")); - QSet pkgSet{"pkg", "pkg2"}; + // 1071 调整错误码为 256 + ASSERT_TRUE(hVerify->checkTransactionError("pkg2", "deepinhookhook256")); + ASSERT_TRUE(hVerify->checkTransactionError("pkg2", "Error:deepin hook exit code 256")); + ASSERT_TRUE(hVerify->checkTransactionError("pkg2", + "执行钩子 if test -x /usr/sbin/deepin-pkg-install-hook;then /usr/sbin/deepin-pkg " + "install-hook -e hc-verifysign;fi 出错,退出状态为 256")); + + QSet pkgSet { "pkg", "pkg2" }; ASSERT_EQ(hVerify->invalidPackages, pkgSet); } @@ -83,6 +90,16 @@ TEST_F(ut_HierarchicalVerify_TEST, checkTransactionError_TestRegExp_False) ASSERT_FALSE(hVerify->checkTransactionError("pkg2", "deepinh-ookh-ook65280")); ASSERT_FALSE(hVerify->checkTransactionError("pkg2", "Error:deepin hook \n exit code 65280")); + // 1071 调整错误码为 256 + ASSERT_FALSE(hVerify->checkTransactionError("pkg2", "deepinhookhook25")); + ASSERT_FALSE(hVerify->checkTransactionError("pkg2", "Error:deepin hook exit code 255")); + ASSERT_FALSE(hVerify->checkTransactionError("pkg2", + "执行钩子 if test -x /usr/sbin/deepin-pkg-install-hook;then /usr/sbin/deepin-pkg " + "install-hook -e hc-verifysign;fi 出错,退出状态为 \n测试代码")); + ASSERT_FALSE(hVerify->checkTransactionError("pkg2", + "执行钩子 if test -x /usr/sbin/deepin-pkg-install-hook;then /usr/sbin/deepin-pkg " + "install-hook -e hc-verifysign;fi 出错,退出状态为 xxx")); + ASSERT_TRUE(hVerify->invalidPackages.isEmpty()); }