From 1c08636cbca1fbde6aa6e57057a5520fe034bb4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicki=20K=C5=99=C3=AD=C5=BEek?= Date: Mon, 5 May 2025 18:00:07 +0200 Subject: [PATCH] Ensure supported version of hypothesis is available On FIPS-enabled platforms, we need to ensure a minimal version of hypothesis which no longer uses MD5. This doesn't need to be enforced for other platforms. Move the import magic to a utility module to avoid copy-pasting the boilerplate code around. (cherry picked from commit 0aff715f4040abd21f0bce9d48a2dc3f99186697) --- bin/tests/system/isctest/__init__.py | 5 +++- .../system/isctest/hypothesis/__init__.py | 24 +++++++++++++------ .../system/tsig/tests_tsig_hypothesis.py | 15 +++--------- bin/tests/system/wildcard/tests_wildcard.py | 10 +------- 4 files changed, 25 insertions(+), 29 deletions(-) diff --git a/bin/tests/system/isctest/__init__.py b/bin/tests/system/isctest/__init__.py index b2fb77d001..c3e65d8866 100644 --- a/bin/tests/system/isctest/__init__.py +++ b/bin/tests/system/isctest/__init__.py @@ -19,7 +19,10 @@ from . import run from . import template from . import log from . import vars # pylint: disable=redefined-builtin -from . import hypothesis + +# isctest.hypothesis is intentionally NOT imported, because it detects proper +# hypothesis support and instructs pytest to skip the tests otherwise. It +# should be manually imported only in the modules that require hypothesis. # isctest.mark module is intentionally NOT imported, because it relies on # environment variables which might not be set at the time of import of the diff --git a/bin/tests/system/isctest/hypothesis/__init__.py b/bin/tests/system/isctest/hypothesis/__init__.py index 3ae0deeb24..4cedd8866a 100644 --- a/bin/tests/system/isctest/hypothesis/__init__.py +++ b/bin/tests/system/isctest/hypothesis/__init__.py @@ -9,10 +9,20 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -try: - import hypothesis as _ -except ImportError: - pass -else: - from . import settings - from . import strategies +# This ensures we're using a suitable hypothesis version. A newer version is +# required for FIPS-enabled platforms. + +import hashlib + +import pytest + +MIN_HYPOTHESIS_VERSION = None + +if "md5" not in hashlib.algorithms_available: + # FIPS mode is enabled, use hypothesis 4.41.2 which doesn't use md5 + MIN_HYPOTHESIS_VERSION = "4.41.2" + +pytest.importorskip("hypothesis", minversion=MIN_HYPOTHESIS_VERSION) + +from . import settings +from . import strategies diff --git a/bin/tests/system/tsig/tests_tsig_hypothesis.py b/bin/tests/system/tsig/tests_tsig_hypothesis.py index a0e18d59c8..39dcc8914f 100644 --- a/bin/tests/system/tsig/tests_tsig_hypothesis.py +++ b/bin/tests/system/tsig/tests_tsig_hypothesis.py @@ -17,15 +17,6 @@ import pytest pytest.importorskip("dns", minversion="2.7.0") # TSIG parsing without validation -# in FIPs mode md5 fails so we need 4.41.2 or later which does not use md5 -try: - import hashlib - - hashlib.md5(b"1234") - pytest.importorskip("hypothesis") -except ValueError: - pytest.importorskip("hypothesis", minversion="4.41.2") - import dns.exception import dns.message import dns.name @@ -35,12 +26,12 @@ import dns.rdtypes.ANY.TSIG import dns.rrset import dns.tsig -from hypothesis import assume, example, given -from hypothesis.strategies import binary, booleans, composite, just, sampled_from - import isctest from isctest.hypothesis.strategies import dns_names, uint +from hypothesis import assume, example, given +from hypothesis.strategies import binary, booleans, composite, just, sampled_from + pytestmark = pytest.mark.extra_artifacts( [ diff --git a/bin/tests/system/wildcard/tests_wildcard.py b/bin/tests/system/wildcard/tests_wildcard.py index 37a4d15b2d..cad2eb0757 100755 --- a/bin/tests/system/wildcard/tests_wildcard.py +++ b/bin/tests/system/wildcard/tests_wildcard.py @@ -38,17 +38,9 @@ import dns.rdataclass import dns.rdatatype import dns.rrset -# in FIPs mode md5 fails so we need 4.41.2 or later which does not use md5 -try: - import hashlib - - hashlib.md5(b"1234") - pytest.importorskip("hypothesis") -except ValueError: - pytest.importorskip("hypothesis", minversion="4.41.2") +from isctest.hypothesis.strategies import dns_names, dns_rdatatypes_without_meta from hypothesis import assume, example, given, settings -from isctest.hypothesis.strategies import dns_names, dns_rdatatypes_without_meta import isctest.check import isctest.name import isctest.query