Precautionary Panic
the build was successful Details

This commit is contained in:
Sarah Jamie Lewis 2020-07-02 13:59:30 -07:00
parent 1de3a9a83a
commit 0150af69f0
2 changed files with 40 additions and 0 deletions

View File

@ -3,6 +3,7 @@ package applications
import (
"cwtch.im/tapir"
"cwtch.im/tapir/primitives/core"
"git.openprivacy.ca/openprivacy/log"
)
// TranscriptApp defines a Tapir Meta-App which provides a global cryptographic transcript
@ -18,6 +19,9 @@ func (TranscriptApp) NewInstance() tapir.Application {
// Init initializes the cryptographic transcript
func (ta *TranscriptApp) Init(connection tapir.Connection) {
if ta.transcript != nil {
ta.panic()
}
ta.transcript = core.NewTranscript("tapir-transcript")
}
@ -28,5 +32,19 @@ func (ta *TranscriptApp) Transcript() *core.Transcript {
// PropagateTranscript overrides the default transcript and propagates a transcript from a previous session
func (ta *TranscriptApp) PropagateTranscript(transcript *core.Transcript) {
if ta.transcript != nil {
ta.panic()
}
ta.transcript = transcript
}
func (ta *TranscriptApp) panic() {
// Note: if this is ever happens it is a critical application bug
// This will prevent a misuse of application chains that cause an earlier
// transcript to be overwritten. Since we expect the security of many higher level applications
// to be reliant on the randomness provided by the transcript we want to be actively hostile to any potential
// misuse.
log.Errorf("apps should not attempt to intitalize or overwrite a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
// We could silently fail to do anything here, but that is likely more dangerous in the long run...
panic("apps should not attempt to intitalize or overwrite a transcript a transcript once one has been initialized - this is a CRITICAL bug and so we have safely crashed")
}

View File

@ -0,0 +1,22 @@
package applications
import "testing"
func TestTranscriptApp(t *testing.T) {
ta := new(TranscriptApp)
ta.Init(MockConnection{})
ta.Transcript().NewProtocol("test")
ta.transcript.CommitToTranscript("test-commit")
t.Logf(ta.Transcript().OutputTranscriptToAudit())
// Now we test panic'ing....
defer func() {
if r := recover(); r == nil {
t.Errorf("The code did not panic - it definitely should have")
}
}()
// Attempt to reinitialized the transcript, apps should *never* do this and we want to be hostile to that
// behaviour
ta.Init(MockConnection{})
}