anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d18c592012489c05e4d987e0c81f24c000e0511
DECNET/tests/swarm/test_tar_tree.py
anti 28327a9b4e fix(swarm): ship update tarball from an explicit include-list, never secrets 
tar_working_tree walked the whole working tree minus a blocklist that
omitted .env.local, *.key, *.pem, *.crt — so the JWT secret, Fernet key,
admin password, DB creds and TLS private keys fanned out to every worker
on each update push.

Invert to an allowlist (DEFAULT_INCLUDES = pyproject.toml + LICENSE +
README.md + decnet/), the exact surface 'pip install .' needs; decnet/
carries its own package-data. A defensive _HYGIENE_PATTERNS layer drops
secret-/churn-shaped files even if nested under decnet/. extra_excludes
can still narrow but can no longer widen past the allowlist.

Verified against the live repo: the bundle carries the package + metadata
and zero secret/db/log/pyc files, and pip-installs clean from the
extracted tree.
2026-05-30 17:26:23 -04:00

120 lines
5.1 KiB
Python
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""tar_working_tree: include allowlist, secret exclusion, tarball validity, git SHA."""
from __future__ import annotations
import io
import pathlib
import tarfile
from decnet.swarm.tar_tree import detect_git_sha, tar_working_tree
def _tree_names(data: bytes) -> set[str]:
with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
return {m.name for m in tar.getmembers()}
def _seed_tree(root: pathlib.Path) -> None:
"""A realistic master working tree: package + metadata + a pile of junk
and secrets that must NOT ship."""
(root / "decnet").mkdir()
(root / "decnet" / "__init__.py").write_text("")
(root / "decnet" / "agent.py").write_text("x = 1")
(root / "decnet" / "templates").mkdir()
(root / "decnet" / "templates" / "base.j2").write_text("data")
(root / "decnet" / "__pycache__").mkdir()
(root / "decnet" / "__pycache__" / "agent.cpython-311.pyc").write_text("bytecode")
(root / "pyproject.toml").write_text("[project]\nname='decnet'\n")
(root / "LICENSE").write_text("AGPL")
(root / "README.md").write_text("# decnet")
# ---- secrets / junk that the OLD exclude-list would have leaked ----
(root / ".env.local").write_text("DECNET_JWT_SECRET=topsecret")
(root / ".env").write_text("X=Y")
(root / "tls.key").write_text("-----BEGIN PRIVATE KEY-----")
(root / "ca.pem").write_text("-----BEGIN CERTIFICATE-----")
(root / "decnet.db").write_text("sqlite")
(root / "master.log").write_text("log")
(root / "decnet_web").mkdir() # dashboard source — not a package
(root / "decnet_web" / "app.tsx").write_text("ui")
(root / "tests").mkdir()
(root / "tests" / "test_x.py").write_text("assert True")
def test_tar_ships_only_the_package_and_metadata(tmp_path: pathlib.Path) -> None:
_seed_tree(tmp_path)
names = _tree_names(tar_working_tree(tmp_path))
assert "decnet/agent.py" in names
assert "decnet/__init__.py" in names
assert "decnet/templates/base.j2" in names # package-data ships
assert "pyproject.toml" in names
assert "LICENSE" in names
assert "README.md" in names
# Nothing outside the allowlist:
assert not any(n.startswith("decnet_web") for n in names)
assert not any(n.startswith("tests") for n in names)
def test_tar_never_ships_secrets_or_db_or_churn(tmp_path: pathlib.Path) -> None:
# The whole point of the include-list: these existed at the root and the
# bundle must not carry a single one of them.
_seed_tree(tmp_path)
names = _tree_names(tar_working_tree(tmp_path))
for forbidden in (".env.local", ".env", "tls.key", "ca.pem", "decnet.db", "master.log"):
assert forbidden not in names, f"leaked {forbidden}"
assert not any("__pycache__" in n or n.endswith(".pyc") for n in names)
def test_secret_nested_under_package_is_still_dropped(tmp_path: pathlib.Path) -> None:
# Defensive hygiene: even a secret-shaped file *inside* decnet/ is excluded.
_seed_tree(tmp_path)
(tmp_path / "decnet" / "worker.key").write_text("oops")
(tmp_path / "decnet" / ".env.prod").write_text("SECRET=1")
names = _tree_names(tar_working_tree(tmp_path))
assert "decnet/worker.key" not in names
assert "decnet/.env.prod" not in names
assert "decnet/agent.py" in names # real source still present
def test_extra_excludes_narrows_within_allowlist(tmp_path: pathlib.Path) -> None:
_seed_tree(tmp_path)
names = _tree_names(tar_working_tree(tmp_path, extra_excludes=["decnet/agent.py"]))
assert "decnet/agent.py" not in names
assert "decnet/__init__.py" in names
def test_extra_excludes_cannot_widen_beyond_allowlist(tmp_path: pathlib.Path) -> None:
# Passing a non-allowlisted include via extra_excludes is meaningless —
# excludes can only remove, never add. decnet_web stays out.
_seed_tree(tmp_path)
names = _tree_names(tar_working_tree(tmp_path, extra_excludes=[]))
assert not any(n.startswith("decnet_web") for n in names)
def test_tar_skips_symlinks(tmp_path: pathlib.Path) -> None:
(tmp_path / "decnet").mkdir()
(tmp_path / "decnet" / "real.py").write_text("hi")
try:
(tmp_path / "decnet" / "link.py").symlink_to(tmp_path / "decnet" / "real.py")
except (OSError, NotImplementedError):
return # platform doesn't support symlinks — skip
names = _tree_names(tar_working_tree(tmp_path))
assert "decnet/real.py" in names
assert "decnet/link.py" not in names
def test_detect_git_sha_from_ref(tmp_path: pathlib.Path) -> None:
(tmp_path / ".git" / "refs" / "heads").mkdir(parents=True)
(tmp_path / ".git" / "refs" / "heads" / "main").write_text("deadbeef" * 5 + "\n")
(tmp_path / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
assert detect_git_sha(tmp_path).startswith("deadbeef")
def test_detect_git_sha_detached(tmp_path: pathlib.Path) -> None:
(tmp_path / ".git").mkdir()
(tmp_path / ".git" / "HEAD").write_text("f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0\n")
assert detect_git_sha(tmp_path).startswith("f0f0")
def test_detect_git_sha_none_when_not_repo(tmp_path: pathlib.Path) -> None:
assert detect_git_sha(tmp_path) == ""
Reference in New Issue View Git Blame Copy Permalink