小贝子编程

Pytest 似乎与单元测试中引发的异常不匹配



上下文

我正在尝试使用加密库进行pytest。在测试中,我使用故意损坏的身份验证标记解密和验证某些数据。这样做应该引发"InvalidTag"异常,如以下示例中所述。

我使用以下方式使用 pytest 断言异常:

with pytest.raises(Exception, match='a_string'):
myfunc()

我的代码示例

#!/usr/bin/env python3
import pytest
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
key = bytes.fromhex(
"1111111111111111111111111111111111111111111111111111111111111111")
iv = bytes.fromhex("222222222222222222222222")
aad = bytes.fromhex("33333333333333333333333333333333")
pt = bytes.fromhex("4444444444444444")

def myfunc():
raise ValueError("Exception 123 raised")

def test_match():
with pytest.raises(ValueError, match=r".* 123 .*"):
myfunc()

def decrypt():
# encrypt
encryptor = Cipher(
algorithms.AES(key),
modes.GCM(iv),
backend=default_backend()
).encryptor()
encryptor.authenticate_additional_data(aad)
ct = encryptor.update(pt) + encryptor.finalize()
tag = encryptor.tag
# let us corrupt the tag
corrupted_tag = bytes.fromhex("55555555555555555555555555555555")
# decrypt
decryptor = Cipher(
algorithms.AES(key),
modes.GCM(iv, corrupted_tag),
backend=default_backend()
).decryptor()
decryptor.authenticate_additional_data(aad)
return decryptor.update(ct) + decryptor.finalize()

def test_decrypt():
with pytest.raises(Exception, match='InvalidTag'):
decrypt()

这里真正重要的是函数 test_decrypt((。目前,如果我使用以前的代码运行pytest,我会得到以下输出:

> ▶ pytest
> 
> ============================================== test session starts ===============================================
> platform darwin -- Python 3.8.2, pytest-5.4.2, py-1.8.1, pluggy-0.13.1
> rootdir: somewhere
> collected 2 items                                                                                                
> 
> tests/test_pytest_exception.py .F                                                                          [100%]
> 
> ==================================================== FAILURES ====================================================
> __________________________________________________ test_decrypt __________________________________________________
> 
>     def test_decrypt():
>         with pytest.raises(Exception, match='InvalidTag'):
> >           decrypt()
> 
> tests/test_pytest_exception.py:52: 
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> 
>     def decrypt():
>         # encrypt
>         encryptor = Cipher(
>             algorithms.AES(key),
>             modes.GCM(iv),
>             backend=default_backend()
>         ).encryptor()
>         encryptor.authenticate_additional_data(aad)
>         ct = encryptor.update(pt) + encryptor.finalize()
>         tag = encryptor.tag
>     
>         # let us corrupt the tag
>     
>         corrupted_tag = bytes.fromhex("55555555555555555555555555555555")
>     
>         # decrypt
>         decryptor = Cipher(
>             algorithms.AES(key),
>             modes.GCM(iv, corrupted_tag),
>             backend=default_backend()
>         ).decryptor()
>         decryptor.authenticate_additional_data(aad)
>     
> >       return decryptor.update(ct) + decryptor.finalize()
> 
> tests/test_pytest_exception.py:47: 
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> 
> self = <cryptography.hazmat.primitives.ciphers.base._AEADCipherContext object at 0x10d2d53a0>
> 
>     def finalize(self):
>         if self._ctx is None:
>             raise AlreadyFinalized("Context was already finalized.")
> >       data = self._ctx.finalize()
> 
> ../../../.local/share/virtualenvs/a_virtual_env/lib/python3.8/site-packages/cryptography/hazmat/primitives/ciphers/base.py:198: 
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
> 
> self = <cryptography.hazmat.backends.openssl.ciphers._CipherContext object at 0x10d2d5040>
> 
>     def finalize(self):
>         # OpenSSL 1.0.1 on Ubuntu 12.04 (and possibly other distributions)
>         # appears to have a bug where you must make at least one call to update
>         # even if you are only using authenticate_additional_data or the
>         # GCM tag will be wrong. An (empty) call to update resolves this
>         # and is harmless for all other versions of OpenSSL.
>         if isinstance(self._mode, modes.GCM):
>             self.update(b"")
>     
>         if (
>             self._operation == self._DECRYPT and
>             isinstance(self._mode, modes.ModeWithAuthenticationTag) and
>             self.tag is None
>         ):
>             raise ValueError(
>                 "Authentication tag must be provided when decrypting."
>             )
>     
>         buf = self._backend._ffi.new("unsigned char[]", self._block_size_bytes)
>         outlen = self._backend._ffi.new("int *")
>         res = self._backend._lib.EVP_CipherFinal_ex(self._ctx, buf, outlen)
>         if res == 0:
>             errors = self._backend._consume_errors()
>     
>             if not errors and isinstance(self._mode, modes.GCM):
> >               raise InvalidTag
> E               cryptography.exceptions.InvalidTag
> 
> ../../../.local/share/virtualenvs/a_virtual_env/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/ciphers.py:170: InvalidTag
> 
> During handling of the above exception, another exception occurred:
> 
>     def test_decrypt():
>         with pytest.raises(Exception, match='InvalidTag'):
> >           decrypt()
> E           AssertionError: Pattern 'InvalidTag' does not match ''
> 
> tests/test_pytest_exception.py:52: AssertionError
> ============================================ short test summary info =============================================
> FAILED tests/test_pytest_exception.py::test_decrypt - AssertionError: Pattern 'InvalidTag' does not match ''
> ========================================== 1 failed, 1 passed in 0.12s ===========================================

从此输出来看,似乎提出了"InvalidTag"异常,但第二个异常也是出于我不明白的原因。 如果我不运行测试,但我只是运行函数 decrypt((,我会得到以下输出:

>   python3 tests/test_pytest_exception.py
> Traceback (most recent call last):
>   File "tests/test_pytest_exception.py", line 54, in <module>
>     decrypt()
>   File "tests/test_pytest_exception.py", line 47, in decrypt
>     return decryptor.update(ct) + decryptor.finalize()
>   File "somewhere/a_virtual_env/lib/python3.8/site-packages/cryptography/hazmat/primitives/ciphers/base.py", line 198, in finalize
>     data = self._ctx.finalize()
>   File "somewhere/a_virtual_env/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/ciphers.py", line 170, in finalize
>     raise InvalidTag
> cryptography.exceptions.InvalidTag

从这个输出中,我毫不怀疑会引发"无效标签"异常。

问题

我想检查在使用 pytest 的单元测试中是否引发"无效标签"异常以通过测试。 根据我之前解释的,我做错了什么?

pytest.raises()match参数对异常的字符串表示形式执行正则表达式匹配,这不是您想要的。

相反,只需将cryptography.exceptions.InvalidTag类型作为第一个参数传递:

from cryptography.exceptions import InvalidTag
...
def test_decrypt():
with pytest.raises(InvalidTag):
decrypt()

你检查的方式错误。您正在验证一般异常,并尝试匹配错误消息,而不是实际异常。我认为它应该是这样的:

from cryptography.exceptions import InvalidTag
def test_decrypt():
with pytest.raises(InvalidTag, match=''):
decrypt()

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium