forked from security/hakurei
internal/pkg: compute http identifier from url
The previous implementation exposes arbitrary user input to the cache as an identifier, which is highly error-prone and can cause the cache to enter an inconsistent state if the user is not careful. This change replaces the implementation to compute identifier late, using url string as params. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -2,7 +2,6 @@ package pkg_test
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"encoding/base64"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"testing"
|
||||
@@ -12,7 +11,7 @@ import (
|
||||
"hakurei.app/internal/pkg"
|
||||
)
|
||||
|
||||
func TestHTTP(t *testing.T) {
|
||||
func TestHTTPGet(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
const testdata = "\x7f\xe1\x69\xa2\xdd\x63\x96\x26\x83\x79\x61\x8b\xf0\x3f\xd5\x16\x9a\x39\x3a\xdb\xcf\xb1\xbc\x8d\x33\xff\x75\xee\x62\x56\xa9\xf0\x27\xac\x13\x94\x69"
|
||||
@@ -23,8 +22,6 @@ func TestHTTP(t *testing.T) {
|
||||
return (pkg.Checksum)(h.Sum(nil))
|
||||
}()
|
||||
|
||||
testdataChecksumString := base64.URLEncoding.EncodeToString(testdataChecksum[:])
|
||||
|
||||
var transport http.Transport
|
||||
client := http.Client{Transport: &transport}
|
||||
transport.RegisterProtocol("file", http.NewFileTransportFS(fstest.MapFS{
|
||||
@@ -33,75 +30,66 @@ func TestHTTP(t *testing.T) {
|
||||
|
||||
checkWithCache(t, []cacheTestCase{
|
||||
{"direct", nil, func(t *testing.T, base *check.Absolute, c *pkg.Cache) {
|
||||
var got []byte
|
||||
if f, err := pkg.NewHTTPGet(
|
||||
f := pkg.NewHTTPGet(
|
||||
t.Context(),
|
||||
&client,
|
||||
"file:///testdata",
|
||||
testdataChecksum,
|
||||
); err != nil {
|
||||
t.Fatalf("NewHTTPGet: error = %v", err)
|
||||
} else if got, err = f.Data(); err != nil {
|
||||
)
|
||||
wantIdent := pkg.KindHTTPGet.Ident([]byte("file:///testdata"))
|
||||
if got, err := f.Data(); err != nil {
|
||||
t.Fatalf("Data: error = %v", err)
|
||||
} else if string(got) != testdata {
|
||||
t.Fatalf("Data: %x, want %x", got, testdata)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != testdataChecksum {
|
||||
t.Fatalf("Ident: %x, want %x", gotIdent, testdataChecksum)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
||||
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
||||
}
|
||||
|
||||
// check direct validation
|
||||
wantErrMismatch := &pkg.ChecksumMismatchError{
|
||||
Got: testdataChecksum,
|
||||
}
|
||||
if f, err := pkg.NewHTTPGet(
|
||||
f = pkg.NewHTTPGet(
|
||||
t.Context(),
|
||||
&client,
|
||||
"file:///testdata",
|
||||
pkg.Checksum{},
|
||||
); err != nil {
|
||||
t.Fatalf("NewHTTPGet: error = %v", err)
|
||||
} else if _, err = f.Data(); !reflect.DeepEqual(err, wantErrMismatch) {
|
||||
)
|
||||
wantErrMismatch := &pkg.ChecksumMismatchError{
|
||||
Got: testdataChecksum,
|
||||
}
|
||||
if _, err := f.Data(); !reflect.DeepEqual(err, wantErrMismatch) {
|
||||
t.Fatalf("Data: error = %#v, want %#v", err, wantErrMismatch)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != (pkg.Checksum{}) {
|
||||
t.Fatalf("Ident: %x, want %x", gotIdent, pkg.Checksum{})
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
||||
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
||||
}
|
||||
|
||||
// check direct response error
|
||||
wantErrNotFound := pkg.ResponseStatusError(http.StatusNotFound)
|
||||
if f, err := pkg.NewHTTPGet(
|
||||
f = pkg.NewHTTPGet(
|
||||
t.Context(),
|
||||
&client,
|
||||
"file:///nonexistent",
|
||||
pkg.Checksum{},
|
||||
); err != nil {
|
||||
t.Fatalf("NewHTTPGet: error = %v", err)
|
||||
} else if _, err = f.Data(); !reflect.DeepEqual(err, wantErrNotFound) {
|
||||
)
|
||||
wantIdentNonexistent := pkg.KindHTTPGet.Ident([]byte("file:///nonexistent"))
|
||||
wantErrNotFound := pkg.ResponseStatusError(http.StatusNotFound)
|
||||
if _, err := f.Data(); !reflect.DeepEqual(err, wantErrNotFound) {
|
||||
t.Fatalf("Data: error = %#v, want %#v", err, wantErrNotFound)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != (pkg.Checksum{}) {
|
||||
t.Fatalf("Ident: %x, want %x", gotIdent, pkg.Checksum{})
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdentNonexistent {
|
||||
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdentNonexistent))
|
||||
}
|
||||
}, pkg.MustDecode("E4vEZKhCcL2gPZ2Tt59FS3lDng-d_2SKa2i5G_RbDfwGn6EemptFaGLPUDiOa94C")},
|
||||
|
||||
{"cure", nil, func(t *testing.T, base *check.Absolute, c *pkg.Cache) {
|
||||
f, err := pkg.NewHTTPGet(
|
||||
f := pkg.NewHTTPGet(
|
||||
t.Context(),
|
||||
&client,
|
||||
"file:///testdata",
|
||||
testdataChecksum,
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatalf("NewHTTPGet: error = %v", err)
|
||||
}
|
||||
|
||||
wantIdent := pkg.KindHTTPGet.Ident([]byte("file:///testdata"))
|
||||
wantPathname := base.Append(
|
||||
"identifier",
|
||||
testdataChecksumString,
|
||||
pkg.Encode(wantIdent),
|
||||
)
|
||||
var (
|
||||
pathname *check.Absolute
|
||||
checksum pkg.Checksum
|
||||
)
|
||||
if pathname, checksum, err = c.Cure(f); err != nil {
|
||||
if pathname, checksum, err := c.Cure(f); err != nil {
|
||||
t.Fatalf("Cure: error = %v", err)
|
||||
} else if !pathname.Is(wantPathname) {
|
||||
t.Fatalf("Cure: %q, want %q", pathname, wantPathname)
|
||||
@@ -109,45 +97,43 @@ func TestHTTP(t *testing.T) {
|
||||
t.Fatalf("Cure: %x, want %x", checksum, testdataChecksum)
|
||||
}
|
||||
|
||||
var got []byte
|
||||
if got, err = f.Data(); err != nil {
|
||||
if got, err := f.Data(); err != nil {
|
||||
t.Fatalf("Data: error = %v", err)
|
||||
} else if string(got) != testdata {
|
||||
t.Fatalf("Data: %x, want %x", got, testdata)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != testdataChecksum {
|
||||
t.Fatalf("Ident: %x, want %x", gotIdent, testdataChecksum)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
||||
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
||||
}
|
||||
|
||||
// check load from cache
|
||||
if f, err = pkg.NewHTTPGet(
|
||||
f = pkg.NewHTTPGet(
|
||||
t.Context(),
|
||||
&client,
|
||||
"file:///testdata",
|
||||
testdataChecksum,
|
||||
); err != nil {
|
||||
t.Fatalf("NewHTTPGet: error = %v", err)
|
||||
} else if got, err = f.Data(); err != nil {
|
||||
)
|
||||
if got, err := f.Data(); err != nil {
|
||||
t.Fatalf("Data: error = %v", err)
|
||||
} else if string(got) != testdata {
|
||||
t.Fatalf("Data: %x, want %x", got, testdata)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != testdataChecksum {
|
||||
t.Fatalf("Ident: %x, want %x", gotIdent, testdataChecksum)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
||||
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
||||
}
|
||||
|
||||
// check error passthrough
|
||||
wantErrNotFound := pkg.ResponseStatusError(http.StatusNotFound)
|
||||
if f, err = pkg.NewHTTPGet(
|
||||
f = pkg.NewHTTPGet(
|
||||
t.Context(),
|
||||
&client,
|
||||
"file:///nonexistent",
|
||||
pkg.Checksum{},
|
||||
); err != nil {
|
||||
t.Fatalf("NewHTTPGet: error = %v", err)
|
||||
} else if _, _, err = c.Cure(f); !reflect.DeepEqual(err, wantErrNotFound) {
|
||||
)
|
||||
wantIdentNonexistent := pkg.KindHTTPGet.Ident([]byte("file:///nonexistent"))
|
||||
wantErrNotFound := pkg.ResponseStatusError(http.StatusNotFound)
|
||||
if _, _, err := c.Cure(f); !reflect.DeepEqual(err, wantErrNotFound) {
|
||||
t.Fatalf("Pathname: error = %#v, want %#v", err, wantErrNotFound)
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != (pkg.Checksum{}) {
|
||||
t.Fatalf("Ident: %x, want %x", gotIdent, pkg.Checksum{})
|
||||
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdentNonexistent {
|
||||
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdentNonexistent))
|
||||
}
|
||||
}, pkg.MustDecode("4WHaMvRRcCac1uAyXnEklEd2YaNQBj6rXlfMntX9GgYLij3By1znv5QYPGJHYQIH")},
|
||||
}, pkg.MustDecode("bqtn69RkV5E7V7GhhgCFjcvbxmaqrO8DywamM4Tyjf10F6EJBHjXiIa_tFRtF4iN")},
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user