forked from security/hakurei
Ophestra
4da26681b5
The previous implementation exposes arbitrary user input to the cache as an identifier, which is highly error-prone and can cause the cache to enter an inconsistent state if the user is not careful. This change replaces the implementation to compute identifier late, using url string as params. Signed-off-by: Ophestra <cat@gensokyo.uk>
140 lines
4.5 KiB
Go
140 lines
4.5 KiB
Go
package pkg_test
|
|
|
|
import (
|
|
"crypto/sha512"
|
|
"net/http"
|
|
"reflect"
|
|
"testing"
|
|
"testing/fstest"
|
|
|
|
"hakurei.app/container/check"
|
|
"hakurei.app/internal/pkg"
|
|
)
|
|
|
|
func TestHTTPGet(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
const testdata = "\x7f\xe1\x69\xa2\xdd\x63\x96\x26\x83\x79\x61\x8b\xf0\x3f\xd5\x16\x9a\x39\x3a\xdb\xcf\xb1\xbc\x8d\x33\xff\x75\xee\x62\x56\xa9\xf0\x27\xac\x13\x94\x69"
|
|
|
|
testdataChecksum := func() pkg.Checksum {
|
|
h := sha512.New384()
|
|
h.Write([]byte(testdata))
|
|
return (pkg.Checksum)(h.Sum(nil))
|
|
}()
|
|
|
|
var transport http.Transport
|
|
client := http.Client{Transport: &transport}
|
|
transport.RegisterProtocol("file", http.NewFileTransportFS(fstest.MapFS{
|
|
"testdata": {Data: []byte(testdata), Mode: 0400},
|
|
}))
|
|
|
|
checkWithCache(t, []cacheTestCase{
|
|
{"direct", nil, func(t *testing.T, base *check.Absolute, c *pkg.Cache) {
|
|
f := pkg.NewHTTPGet(
|
|
t.Context(),
|
|
&client,
|
|
"file:///testdata",
|
|
testdataChecksum,
|
|
)
|
|
wantIdent := pkg.KindHTTPGet.Ident([]byte("file:///testdata"))
|
|
if got, err := f.Data(); err != nil {
|
|
t.Fatalf("Data: error = %v", err)
|
|
} else if string(got) != testdata {
|
|
t.Fatalf("Data: %x, want %x", got, testdata)
|
|
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
|
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
|
}
|
|
|
|
// check direct validation
|
|
f = pkg.NewHTTPGet(
|
|
t.Context(),
|
|
&client,
|
|
"file:///testdata",
|
|
pkg.Checksum{},
|
|
)
|
|
wantErrMismatch := &pkg.ChecksumMismatchError{
|
|
Got: testdataChecksum,
|
|
}
|
|
if _, err := f.Data(); !reflect.DeepEqual(err, wantErrMismatch) {
|
|
t.Fatalf("Data: error = %#v, want %#v", err, wantErrMismatch)
|
|
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
|
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
|
}
|
|
|
|
// check direct response error
|
|
f = pkg.NewHTTPGet(
|
|
t.Context(),
|
|
&client,
|
|
"file:///nonexistent",
|
|
pkg.Checksum{},
|
|
)
|
|
wantIdentNonexistent := pkg.KindHTTPGet.Ident([]byte("file:///nonexistent"))
|
|
wantErrNotFound := pkg.ResponseStatusError(http.StatusNotFound)
|
|
if _, err := f.Data(); !reflect.DeepEqual(err, wantErrNotFound) {
|
|
t.Fatalf("Data: error = %#v, want %#v", err, wantErrNotFound)
|
|
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdentNonexistent {
|
|
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdentNonexistent))
|
|
}
|
|
}, pkg.MustDecode("E4vEZKhCcL2gPZ2Tt59FS3lDng-d_2SKa2i5G_RbDfwGn6EemptFaGLPUDiOa94C")},
|
|
|
|
{"cure", nil, func(t *testing.T, base *check.Absolute, c *pkg.Cache) {
|
|
f := pkg.NewHTTPGet(
|
|
t.Context(),
|
|
&client,
|
|
"file:///testdata",
|
|
testdataChecksum,
|
|
)
|
|
wantIdent := pkg.KindHTTPGet.Ident([]byte("file:///testdata"))
|
|
wantPathname := base.Append(
|
|
"identifier",
|
|
pkg.Encode(wantIdent),
|
|
)
|
|
if pathname, checksum, err := c.Cure(f); err != nil {
|
|
t.Fatalf("Cure: error = %v", err)
|
|
} else if !pathname.Is(wantPathname) {
|
|
t.Fatalf("Cure: %q, want %q", pathname, wantPathname)
|
|
} else if checksum != testdataChecksum {
|
|
t.Fatalf("Cure: %x, want %x", checksum, testdataChecksum)
|
|
}
|
|
|
|
if got, err := f.Data(); err != nil {
|
|
t.Fatalf("Data: error = %v", err)
|
|
} else if string(got) != testdata {
|
|
t.Fatalf("Data: %x, want %x", got, testdata)
|
|
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
|
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
|
}
|
|
|
|
// check load from cache
|
|
f = pkg.NewHTTPGet(
|
|
t.Context(),
|
|
&client,
|
|
"file:///testdata",
|
|
testdataChecksum,
|
|
)
|
|
if got, err := f.Data(); err != nil {
|
|
t.Fatalf("Data: error = %v", err)
|
|
} else if string(got) != testdata {
|
|
t.Fatalf("Data: %x, want %x", got, testdata)
|
|
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdent {
|
|
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdent))
|
|
}
|
|
|
|
// check error passthrough
|
|
f = pkg.NewHTTPGet(
|
|
t.Context(),
|
|
&client,
|
|
"file:///nonexistent",
|
|
pkg.Checksum{},
|
|
)
|
|
wantIdentNonexistent := pkg.KindHTTPGet.Ident([]byte("file:///nonexistent"))
|
|
wantErrNotFound := pkg.ResponseStatusError(http.StatusNotFound)
|
|
if _, _, err := c.Cure(f); !reflect.DeepEqual(err, wantErrNotFound) {
|
|
t.Fatalf("Pathname: error = %#v, want %#v", err, wantErrNotFound)
|
|
} else if gotIdent := pkg.Ident(f); gotIdent != wantIdentNonexistent {
|
|
t.Fatalf("Ident: %s, want %s", pkg.Encode(gotIdent), pkg.Encode(wantIdentNonexistent))
|
|
}
|
|
}, pkg.MustDecode("bqtn69RkV5E7V7GhhgCFjcvbxmaqrO8DywamM4Tyjf10F6EJBHjXiIa_tFRtF4iN")},
|
|
})
|
|
}
|