| """TUF hash bin delegation (optimal bin numbers) | |
| Calculate the optimal number of bins for given number of target files. | |
| Problem description | |
| =================== | |
| Given 'targets_count', 'bin_meta_size' and 'target_meta_size', I want to know | |
| the optimal 'bin_count', for which 'snapshot_size' plus 'bin_size' are minimal. | |
| Constraints |
| """Serve simple static TUF repo with DSSE metadata (client demo). | |
| Serves ad-hoc generated top-level metadata and single target file from | |
| localhost to demo client-side DSSE support. | |
| Usage: | |
| - Install python-tuf (with DSSE support -- theupdateframework/python-tuf#2385) | |
| - Start this script (quit with ctrl+z) | |
| - Download target with python-tuf example client |
| { | |
| "signatures": [ | |
| { | |
| "keyid": "bb3de7c557a82e1f8b2867dd3e457e51c7f01bd262c4c812eb5818600776f0ad", | |
| "sig": "e7ae9d3cd1c9818bff2a8d2a80a350acc802397f9db0a37a8540656501e42b92daeb3802245ed41ce79c062c18b1619a8af2a139b1147cf4831251d23e8ff104" | |
| } | |
| ], | |
| "signed": { | |
| "_type": "root", | |
| "consistent_snapshot": true, |
| """Inline-disable pylint based on logged messages. | |
| Parses pylint log and adds "# pylint: disable=<msg>, <msg>, .." inline to all flagged | |
| lines, unless the pylint message is of type ERROR or FATAL. | |
| This is useful, to enable a linter on a legacy code base, without the need to address | |
| all warnings right away. | |
| Issues: | |
| - Messages about empty files, e.g. __init__.py are ignored |
There are 2 classes of interesting TUF repository compromise scenarios and corresponding audit questions:
Repository hosting compromised and/or MITM, signing keys safe --> "Can the attacker affect the client in any way?"
Repository hosting compromised and/or MITM, signing keys compromised --> "Can the attacker affect the client beyond the capability of the compromised key in
| import os | |
| import base64 | |
| import time | |
| from selenium import webdriver | |
| from selenium.webdriver.common.by import By | |
| from selenium.webdriver.support.ui import WebDriverWait | |
| TIMEOUT = 10000 |
| #!/usr/bin/env python | |
| """Query GitHub REST API to get org permission for people and teams | |
| Usage: | |
| ./gh_org_info.py <GitHub user name> <AuthToken> <organization name> | |
| Note: To create an authentication token see | |
| https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token | |
| Result: | |
| { | |
| "people": { |
| # coding: utf-8 | |
| """Minimal tuf repo <-> client example, with unicode | |
| - delegated targets role name, and | |
| - target file name | |
| """ | |
| import os, tempfile, shutil, six | |
| from tuf.repository_tool import * | |
| from securesystemslib.process import subprocess, run_duplicate_streams |
| """ | |
| Script to generate and write a basic TUF repo with keys, top-level roles, a | |
| delegated targets role, and BIN_N_COUNT delegated targets roles, for profiling | |
| purposes. | |
| <Usage> | |
| pip install securesystemslib[crypto,pynacl] tuf | |
| curl https://gist.githubusercontent.com/lukpueh/724bd1d7b477f201a9f199b037d85747/raw/profile_tuf_bins.py -o profile_tuf_bins.py | |
| python -m cProfile -o stats profile_tuf_bins.py |
| // Self-educational go snippet to learn about the empty interface{} type. | |
| // Based on @hvoecking's arbitrary structures traversal gist | |
| // https://gist.github.com/hvoecking/10772475 | |
| package main | |
| import ( | |
| "fmt" | |
| "reflect" |