jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/native/tests/test_storage_init_new_dir.cpp
Jeremie Fraeys 7efe8bbfbf
native: security hardening, research trustworthiness, and CVE mitigations 
Security Fixes:
- CVE-2024-45339: Add O_EXCL flag to temp file creation in storage_write_entries()
  Prevents symlink attacks on predictable .tmp file paths
- CVE-2025-47290: Use openat_nofollow() in storage_open()
  Closes TOCTOU race condition via path_sanitizer infrastructure
- CVE-2025-0838: Add MAX_BATCH_SIZE=10000 to add_tasks()
  Prevents integer overflow in batch operations

Research Trustworthiness (dataset_hash):
- Deterministic file ordering: std::sort after collect_files()
- Recursive directory traversal: depth-limited with cycle detection
- Documented exclusions: hidden files and special files noted in API

Bug Fixes:
- R1: storage_init path validation for non-existent directories
- R2: safe_strncpy return value check before strcat
- R3: parallel_hash 256-file cap replaced with std::vector
- R4: wire qi_compact_index/qi_rebuild_index stubs
- R5: CompletionLatch race condition fix (hold mutex during decrement)
- R6: ARMv8 SHA256 transform fix (save abcd_pre before vsha256hq_u32)
- R7: fuzz_index_storage header format fix
- R8: enforce null termination in add_tasks/update_tasks
- R9: use 64 bytes (not 65) in combined hash to exclude null terminator
- R10: status field persistence in save()

New Tests:
- test_recursive_dataset.cpp: Verify deterministic recursive hashing
- test_storage_symlink_resistance.cpp: Verify CVE-2024-45339 fix
- test_queue_index_batch_limit.cpp: Verify CVE-2025-0838 fix
- test_sha256_arm_kat.cpp: ARMv8 known-answer tests
- test_storage_init_new_dir.cpp: F1 verification
- test_parallel_hash_large_dir.cpp: F3 verification
- test_queue_index_compact.cpp: F4 verification

All 8 native tests passing. Library ready for research lab deployment.
2026-02-21 13:33:45 -05:00

85 lines
2.8 KiB
C++
Raw Blame History

// test_storage_init_new_dir.cpp - Verify storage_init works on non-existent directories
// Validates F1 fix: storage_init should succeed when queue_dir doesn't exist yet
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <unistd.h>
#include <sys/stat.h>
#include "../queue_index/storage/index_storage.h"
int main() {
// Create a temporary base directory
char tmpdir[] = "/tmp/test_init_XXXXXX";
if (!mkdtemp(tmpdir)) {
printf("FAIL: Could not create temp directory\n");
return 1;
}
// Create a path for a non-existent queue directory
char queue_dir[256];
snprintf(queue_dir, sizeof(queue_dir), "%s/new_queue_dir", tmpdir);
// Verify the directory doesn't exist
struct stat st;
if (stat(queue_dir, &st) == 0) {
printf("FAIL: Queue directory already exists\n");
return 1;
}
// Try to init storage - this should succeed (F1 fix)
IndexStorage storage;
bool result = storage_init(&storage, queue_dir);
if (!result) {
printf("FAIL: storage_init failed on non-existent directory\n");
return 1;
}
// Verify the index_path ends with expected suffix (macOS may add /private prefix)
char expected_suffix[256];
snprintf(expected_suffix, sizeof(expected_suffix), "%s/new_queue_dir/index.bin", tmpdir);
// On macOS, canonicalized paths may have /private prefix
const char* actual_path = storage.index_path;
const char* expected_path = expected_suffix;
// Check if paths match (accounting for /private prefix on macOS)
if (strstr(actual_path, expected_path) == nullptr &&
strcmp(actual_path + (strncmp(actual_path, "/private", 8) == 0 ? 8 : 0),
expected_path + (strncmp(expected_path, "/private", 8) == 0 ? 8 : 0)) != 0) {
printf("FAIL: index_path mismatch\n");
printf(" Expected suffix: %s\n", expected_suffix);
printf(" Got: %s\n", storage.index_path);
return 1;
}
// Now try to open - this should create the directory and file
result = storage_open(&storage);
if (!result) {
printf("FAIL: storage_open failed\n");
return 1;
}
// Verify the directory now exists
if (stat(queue_dir, &st) != 0 || !S_ISDIR(st.st_mode)) {
printf("FAIL: Queue directory was not created\n");
return 1;
}
// Verify the index file exists
if (stat(storage.index_path, &st) != 0) {
printf("FAIL: Index file was not created\n");
return 1;
}
// Cleanup
storage_close(&storage);
storage_cleanup(&storage);
unlink(storage.index_path);
rmdir(queue_dir);
rmdir(tmpdir);
printf("PASS: storage_init works on non-existent directories (F1 fix verified)\n");
return 0;
}
Reference in a new issue View git blame Copy permalink