Add tamper test with auditor alert

Co-authored-by: iknite <[email protected]
BBVA · Dec 18, 2018 · 9fc78bc · 9fc78bc
1 parent 7be3930
commit 9fc78bc
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 102 deletions.
diff --git a/api/tampering/tamper_api.go b/api/tampering/tamper_api.go
@@ -17,7 +17,9 @@
 package tampering
 
 import (
+	"encoding/hex"
 	"encoding/json"
+	"fmt"
 	"net/http"
 
 	"github.com/bbva/qed/api/apihttp"
@@ -28,6 +30,7 @@ import (
 
 type tamperEvent struct {
 	Key       []byte
+	Digest    string
 	KeyDigest []byte
 	Value     []byte
 }
@@ -63,18 +66,27 @@ func tamperFunc(store storage.DeletableStore, hasher hashing.Hasher) http.Handle
 			return
 		}
 
-		tp.KeyDigest = hasher.Do(tp.Key)
+		digest, _ := hex.DecodeString(tp.Digest)
+		tp.KeyDigest = digest
 
 		switch r.Method {
 		case "PATCH":
-			get, _ := store.Get(storage.IndexPrefix, tp.KeyDigest)
+			get, err := store.Get(storage.IndexPrefix, tp.KeyDigest)
+			if err != nil {
+				http.Error(w, fmt.Sprintf("%s: %X", err.Error(), tp.Key), http.StatusUnprocessableEntity)
+				return
+			}
 			log.Debugf("Get: %v", get)
 			mutations := make([]*storage.Mutation, 0)
 			mutations = append(mutations, storage.NewMutation(storage.IndexPrefix, tp.KeyDigest, tp.Value))
 			log.Debugf("Tamper: %v", store.Mutate(mutations))
 
 		case "DELETE":
-			get, _ := store.Get(storage.IndexPrefix, tp.KeyDigest)
+			get, err := store.Get(storage.IndexPrefix, tp.KeyDigest)
+			if err != nil {
+				http.Error(w, fmt.Sprintf("%s: %X", err.Error(), tp.Key), http.StatusUnprocessableEntity)
+				return
+			}
 			log.Debugf("Get: %v", get)
 			log.Debugf("Delete: %v", store.Delete(storage.IndexPrefix, tp.KeyDigest))
 

diff --git a/gossip/auditor/auditor.go b/gossip/auditor/auditor.go
@@ -99,7 +99,9 @@ func (t *MembershipTask) Do() {
 	proof, err := t.qed.MembershipDigest(t.s.Snapshot.EventDigest, t.s.Snapshot.Version)
 	if err != nil {
 		// retry
-		log.Errorf("Error executing membership query: %v", err)
+		t.sendAlert(fmt.Sprintf("Unable to verify snapshot %v", t.s.Snapshot))
+		log.Infof("Error executing membership query: %v", err)
+		return
 	}
 
 	snap, err := t.getSnapshot(proof.CurrentVersion)

diff --git a/tests/e2e/agents_test.go b/tests/e2e/agents_test.go
@@ -17,8 +17,10 @@ package e2e
 
 import (
 	"fmt"
+	"github.com/bbva/qed/hashing"
 	"io/ioutil"
 	"net/http"
+	"os/exec"
 	"strings"
 	"testing"
 	"time"
@@ -84,6 +86,7 @@ func TestAgents(t *testing.T) {
 		let("Add event", func(t *testing.T) {
 			snapshot, err = client.Add(event)
 			assert.NoError(t, err)
+			time.Sleep(2 * time.Second)
 		})
 
 		let("Get signed snapshot from snapshot public storage", func(t *testing.T) {
@@ -109,4 +112,89 @@ func TestAgents(t *testing.T) {
 
 	})
 
+	scenario("Add 1st event. Tamper it. Check auditor alerts correctly", func() {
+		var err error
+
+		let("Add 1st event", func(t *testing.T) {
+			_, err = client.Add(event)
+			assert.NoError(t, err)
+		})
+
+		let("Tamper 1st event", func(t *testing.T) {
+			cmd := exec.Command("curl",
+				"-sS",
+				"-XDELETE",
+				"-H", "Api-Key: my-key",
+				"-H", "Content-type: application/json",
+				"http://localhost:8081/tamper",
+				"-d", fmt.Sprintf(`{"Digest": "%X"}`, hashing.NewSha256Hasher().Do(hashing.Digest(event))),
+			)
+
+			_, err := cmd.CombinedOutput()
+			assert.NoError(t, err, "Subprocess must not exit with status 1")
+
+		})
+
+		let("Check Auditor alerts", func(t *testing.T) {
+			time.Sleep(2 * time.Second)
+			alerts, err := getAlert()
+			assert.NoError(t, err)
+			assert.True(t, strings.Contains(string(alerts), "Unable to verify snapshot"), "Must exist auditor alerts")
+		})
+
+		let("Check Monitor do not create any alert", func(t *testing.T) {
+			time.Sleep(1 * time.Second)
+			alerts, err := getAlert()
+			assert.NoError(t, err)
+			assert.False(t, strings.Contains(string(alerts), "Unable to verify incremental"), "Must not exist monitor alert")
+		})
+
+	})
+
+	// scenario("Add 1st event. Tamper it. Add 2nd event. Check monitor alerts correctly", func() {
+	// 	var err error
+
+	// 	let("Add 1st event", func(t *testing.T) {
+	// 		_, err = client.Add(event)
+	// 		assert.NoError(t, err)
+	// 	})
+
+	// 	let("Tamper 1st event", func(t *testing.T) {
+	// 		cmd := exec.Command("curl",
+	// 			"-sS",
+	// 			"-XDELETE",
+	// 			"-H", "Api-Key: my-key",
+	// 			"-H", "Content-type: application/json",
+	// 			"http://localhost:8081/tamper",
+	// 			"-d", fmt.Sprintf(`{"Digest": "%X"}`, hashing.NewSha256Hasher().Do(hashing.Digest(event))),
+	// 		)
+
+	// 		o, err := cmd.CombinedOutput()
+	// 		fmt.Printf(">>>>>>>>>>>> %s %s\n", event, o)
+	// 		assert.NoError(t, err, "Subprocess must not exit with status 1")
+
+	// 	})
+
+	// 	event2 := rand.RandomString(10)
+	// 	let("Add 2nd event", func(t *testing.T) {
+	// 		_, err = client.Add(event2)
+	// 		assert.NoError(t, err)
+	// 		time.Sleep(2 * time.Second)
+	// 	})
+
+	// 	let("Check Auditor do not create any alert", func(t *testing.T) {
+	// 		time.Sleep(1 * time.Second)
+	// 		alerts, err := getAlert()
+	// 		assert.NoError(t, err)
+	// 		assert.False(t, strings.Contains(string(alerts), "Unable to verify snapshot"), "Must not exist auditor alerts")
+	// 	})
+
+	// 	let("Check Monitor alert", func(t *testing.T) {
+	// 		time.Sleep(1 * time.Second)
+	// 		alerts, err := getAlert()
+	// 		assert.NoError(t, err)
+	// 		assert.True(t, strings.Contains(string(alerts), "Unable to verify incremental"), "Must exist monitor alert")
+	// 	})
+
+	// })
 }
diff --git a/tests/e2e/setup.go b/tests/e2e/setup.go
@@ -58,6 +58,7 @@ func merge(list ...scope.TestF) scope.TestF {
 		for _, elem := range list {
 			elem(t)
 		}
+		time.Sleep(2 * time.Second)
 	}
 }
 

diff --git a/tests/e2e/tamper_test.go b/tests/e2e/tamper_test.go
-Original file line number
+Diff line change
@@ Expand Up / @@ -58,6 +58,7 @@ func merge(list ...scope.TestF) scope.TestF { @@
     		for _, elem := range list {
     			elem(t)
     		}
+    		time.Sleep(2 * time.Second)
     	}
     }
@@ Expand Down @@