azaion/gps-denied-onboard
1
0
Fork 0
mirror of https://github.com/azaion/gps-denied-onboard.git synced 2026-06-21 10:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6599d828d29679c7f81b58df10efe2c3d4b95d34
gps-denied-onboard/e2e/_unit_tests/fixtures/test_cve_jpeg.py
T
Oleksandr Bezdieniezhnykh 6599d828d2 [AZ-407] [AZ-444] [AZ-445] Batch 68: fixtures, Tier-2 harness, NFR reporter 
Three blackbox-harness tasks landed together — all depend only on
AZ-406 and unblock the FT-* / NFT-* scenario tasks scheduled for
batches 69+.

AZ-407 — Static fixture builders (3pt):
  * tile-cache-builder/{builder.py, Dockerfile, build.sh} produces a
    deterministic tile-cache-fixture Docker volume from
    _docs/00_problem/input_data/. Reproducibility primitives: sorted
    iteration, frozen PIL JPEG settings, FAISS HNSW32 built single-
    threaded with seeded stub descriptors.
  * age-injector/{age_injector.py, inject.sh} clones the volume and
    shifts capture_date by N×30.44 days; tile JPEG bytes preserved
    bit-identical. Emits synth-age-7mo + synth-age-13mo volumes.
  * cold-boot/cold_boot_fixture.json: frozen FC pose snapshot at
    Derkachi sector centre, schema v1.
  * secrets/mavlink-test-passkey.txt: 64-hex with required
    `# TEST ONLY` header line per AC-5. Passkey-equality test now
    compares the secret line after stripping the header.
  * security/cve-2025-53644.jpg: synthetic 158-byte malformed JPEG
    (truncated SOS marker). OpenCV 4.11.x rejects gracefully with
    imdecode → None. AZ-439 will sharpen for ASan instrumentation.
  * Top-level Makefile with `make fixtures` / `make fixtures-*` /
    `make e2e-tier1*` / `make unit-tests` targets.

AZ-444 — Tier-2 Jetson harness wrapper (5pt):
  * run-tier2.sh rewritten as orchestrator. Detects local
    (aarch64 + TIER2_HOST=localhost) vs remote (ssh into TIER2_HOST).
    New flags: -k/--selector, --build-kind production|asan,
    --reflash (gated behind TIER2_REFLASH_ACK=1 two-key gate),
    --dry-run.
  * tier2-on-jetson.sh (new) — on-device delegate. Verifies
    gps-denied-onboard{,-asan}.service health; restarts with 5s
    tolerance; spawns tegrastats + jtop parallel samplers; tails
    ASan unit's journal in asan mode; drives docker compose with
    TIER=tier2-jetson; forwards SELECTOR to pytest -k.
  * docker/run-tier1.sh (new) — selector-parity sibling.
  * AC-1 (selector parity) and AC-6 (reflash gating) unit-tested via
    --dry-run output assertions. AC-2/AC-3/AC-4/AC-5 are hardware-
    loop ACs verified by the Tier-2 runtime smoke (no Jetson in the
    unit-test layer).

AZ-445 — CSV reporter + evidence bundler refinements (2pt):
  * reporting/nfr_recorder.py (new) — pytest plugin. Provides the
    `nfr_recorder` fixture with record_metric(name, value, ac_id)
    and partial(ac_id, reason). At session end emits:
      - per-nfr/<scenario_id>.json (AC-1)
      - traceability-status.json with every AC ID parsed from
        traceability-matrix.md, classified Covered/PARTIAL/NOT
        COVERED with source scenario IDs (AC-2)
      - regression-baseline.json with all numeric metrics (AC-3)
  * csv_reporter.py extended — `_outcome_to_result` consults the
    aggregator; rows flip PASS → PARTIAL when an AC was marked
    PARTIAL by nfr_recorder (AC-4). Graceful fallback when
    aggregator isn't registered (unit-test contexts).
  * conftest.py registers nfr_recorder in pytest_plugins.
  * New --traceability-matrix CLI flag seeds the NOT COVERED rows.

Build / config:
  * pyproject.toml dev extras: added Pillow>=10.4,<13.0 for the
    tile-cache-builder unit test (broad enough to keep torchvision's
    Pillow 12 pin happy; the production builder runs inside its own
    Docker image with its own pin).
  * Updated test_directory_layout.py to cover 10 new files + replaced
    the byte-equal passkey assertion with the header-stripping
    variant.

Test results:
  * 157 focused tests pass (was 97 in batch 67; +60 new across this
    batch). No regressions.

Module-layout / spec drift:
  * AZ-407 spec text says `tests/fixtures/...`; module-layout
    blackbox_tests entry (commit d7a17a8) authoritatively places the
    harness under `e2e/`. Implementation followed the layout entry.
  * AZ-444 spec mentions `e2e/tier2/run-tier2.sh`; AZ-406 placed it
    at `e2e/jetson/run-tier2.sh`. Kept at `e2e/jetson/` for
    consistency.
  * Cold-boot README ownership: corrected from AZ-419 to AZ-407 per
    AZ-419's own Dependencies field.

Specs archived to _docs/02_tasks/done/. Jira tickets transitioned to
In Testing on commit.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-16 17:18:01 +03:00

108 lines
3.1 KiB
Python
Raw Blame History

"""Tests for the AZ-407 CVE-2025-53644 fixture (AC-6, AC-7)."""
from __future__ import annotations
import hashlib
import os
import subprocess
import sys
from pathlib import Path
import pytest
REPO_ROOT = Path(__file__).resolve().parents[3]
GENERATOR = REPO_ROOT / "e2e" / "fixtures" / "security" / "generate_cve_jpeg.py"
COMMITTED_FIXTURE = REPO_ROOT / "e2e" / "fixtures" / "security" / "cve-2025-53644.jpg"
# Pin the committed fixture's SHA-256 so any change to the generator's
# byte layout fails the unit test explicitly.
COMMITTED_SHA256 = "c281d2f2595916dbbaca8173d2ab37507b6e3c6511aa8e420c1f4e81c877002e"
def _generator_run(out_path: Path) -> None:
env = dict(os.environ, PYTHONHASHSEED="0")
subprocess.run(
[sys.executable, str(GENERATOR), str(out_path)],
check=True,
capture_output=True,
text=True,
env=env,
)
def test_generator_is_idempotent(tmp_path: Path) -> None:
"""AC-6 / determinism: same call → identical bytes."""
# Arrange
out_a = tmp_path / "a.jpg"
out_b = tmp_path / "b.jpg"
# Act
_generator_run(out_a)
_generator_run(out_b)
# Assert
assert out_a.read_bytes() == out_b.read_bytes()
def test_committed_fixture_matches_generator(tmp_path: Path) -> None:
"""The checked-in JPEG must equal the generator's current output."""
# Arrange
regen = tmp_path / "regen.jpg"
# Act
_generator_run(regen)
# Assert
assert COMMITTED_FIXTURE.exists(), "the AZ-407 deliverable JPEG must be checked in"
assert COMMITTED_FIXTURE.read_bytes() == regen.read_bytes(), (
"committed cve-2025-53644.jpg drifted from generator output; "
"re-run `make fixtures-cve` to regenerate"
)
assert hashlib.sha256(COMMITTED_FIXTURE.read_bytes()).hexdigest() == COMMITTED_SHA256
def test_jpeg_has_soi_and_truncated_sos() -> None:
"""Structural sanity: SOI present, SOS present, NO EOI (truncated stream)."""
# Arrange
data = COMMITTED_FIXTURE.read_bytes()
# Assert
assert data.startswith(b"\xff\xd8"), "missing SOI marker"
assert b"\xff\xda" in data, "missing SOS marker"
assert not data.endswith(b"\xff\xd9"), "EOI present — CVE truncation is gone"
def test_opencv_rejects_without_crash() -> None:
"""AC-6: OpenCV must return a clean None imdecode result, no crash."""
# Arrange
cv2 = pytest.importorskip("cv2", reason="opencv-python not in test venv")
import numpy as np # noqa: PLC0415
# Act
buf = np.fromfile(str(COMMITTED_FIXTURE), dtype=np.uint8)
img = cv2.imdecode(buf, cv2.IMREAD_COLOR)
# Assert
assert img is None, (
"OpenCV decoded the malformed JPEG — the AZ-407 fixture no longer "
"exercises the CVE-2025-53644 truncation path"
)
def test_provenance_readme_exists() -> None:
"""AC-7: README documents source, license, redistribution."""
# Arrange
readme = REPO_ROOT / "e2e" / "fixtures" / "security" / "README.md"
# Assert
assert readme.exists()
content = readme.read_text()
assert "Provenance" in content
assert "Re-distribution" in content
assert "License" in content
Reference in New Issue View Git Blame Copy Permalink