Add tests for no hash given or available

2025-12-22 11:55:40 +01:00 · 2024-12-13 15:54:39 +01:00 · 2024-12-13 15:54:39 +01:00 · 9dd4b7fc8d
commit 9dd4b7fc8d
parent ebd96011fc
6 changed files with 711 additions and 44 deletions
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@ -20,7 +20,6 @@ import (
 	"fmt"
 	"io"
 	"log"
-	"log/slog"
 	"net/http"
 	"net/url"
 	"path/filepath"
@ -586,14 +585,11 @@ func (p *processor) rolieFeedEntries(feed string) ([]csaf.AdvisoryFile, error) {

 		switch {
 		case sha256 == "" && sha512 == "":
-			slog.Error("No hash listed on ROLIE feed", "file", url)
-			return
+			p.badROLIEFeed.error("No hash listed on ROLIE feed %s", url)
 		case sign == "":
-			slog.Error("No signature listed on ROLIE feed", "file", url)
-			return
-		default:
-			file = csaf.PlainAdvisoryFile{Path: url, SHA256: sha256, SHA512: sha512, Sign: sign}
+			p.badROLIEFeed.error("No signature listed on ROLIE feed %s", url)
 		}
+		file = csaf.PlainAdvisoryFile{Path: url, SHA256: sha256, SHA512: sha512, Sign: sign}

 		files = append(files, file)
 	})
--- a/cmd/csaf_checker/processor_test.go
+++ b/cmd/csaf_checker/processor_test.go
@ -29,6 +29,9 @@ func getRequirementTestData(t *testing.T, params testutil.ProviderParams, direct
 	if params.EnableSha512 {
 		path += "sha512-"
 	}
+	if params.ForbidHashFetching {
+		path += "forbid-hash-fetching-"
+	}
 	if directoryProvider {
 		path += "directory"
 	} else {
@ -61,46 +64,74 @@ func getRequirementTestData(t *testing.T, params testutil.ProviderParams, direct

 func TestShaMarking(t *testing.T) {
 	tests := []struct {
-		name              string
-		directoryProvider bool
-		enableSha256      bool
-		enableSha512      bool
+		name               string
+		directoryProvider  bool
+		enableSha256       bool
+		enableSha512       bool
+		forbidHashFetching bool
 	}{
 		{
-			name:              "deliver sha256 and sha512",
-			directoryProvider: false,
-			enableSha256:      true,
-			enableSha512:      true,
+			name:               "deliver sha256 and sha512",
+			directoryProvider:  false,
+			enableSha256:       true,
+			enableSha512:       true,
+			forbidHashFetching: false,
 		},
 		{
-			name:              "only deliver sha256",
-			directoryProvider: false,
-			enableSha256:      true,
-			enableSha512:      false,
+			name:               "enable sha256 and sha512, forbid fetching",
+			directoryProvider:  false,
+			enableSha256:       true,
+			enableSha512:       true,
+			forbidHashFetching: true,
 		},
 		{
-			name:              "only deliver sha512",
-			directoryProvider: false,
-			enableSha256:      false,
-			enableSha512:      true,
+			name:               "only deliver sha256",
+			directoryProvider:  false,
+			enableSha256:       true,
+			enableSha512:       false,
+			forbidHashFetching: false,
 		},
 		{
-			name:              "deliver sha256 and sha512, directory provider",
-			directoryProvider: true,
-			enableSha256:      true,
-			enableSha512:      true,
+			name:               "only deliver sha512",
+			directoryProvider:  false,
+			enableSha256:       false,
+			enableSha512:       true,
+			forbidHashFetching: false,
 		},
 		{
-			name:              "only deliver sha256, directory provider",
-			directoryProvider: true,
-			enableSha256:      true,
-			enableSha512:      false,
+			name:               "deliver sha256 and sha512, directory provider",
+			directoryProvider:  true,
+			enableSha256:       true,
+			enableSha512:       true,
+			forbidHashFetching: false,
 		},
 		{
-			name:              "only deliver sha512, directory provider",
-			directoryProvider: true,
-			enableSha256:      false,
-			enableSha512:      true,
+			name:               "only deliver sha256, directory provider",
+			directoryProvider:  true,
+			enableSha256:       true,
+			enableSha512:       false,
+			forbidHashFetching: false,
+		},
+		{
+			name:               "only deliver sha512, directory provider",
+			directoryProvider:  true,
+			enableSha256:       false,
+			enableSha512:       true,
+			forbidHashFetching: false,
+		},
+		{
+			name:               "no hash",
+			directoryProvider:  false,
+			enableSha256:       false,
+			enableSha512:       false,
+			forbidHashFetching: false,
+		},
+		{
+			name:               "no hash, directory provider",
+			directoryProvider:  true,
+			enableSha256:       false,
+			enableSha512:       false,
+			forbidHashFetching: false,
 		},
 	}

@ -111,9 +142,10 @@ func TestShaMarking(t *testing.T) {
 			tt.Parallel()
 			serverURL := ""
 			params := testutil.ProviderParams{
-				URL:          "",
-				EnableSha256: test.enableSha256,
-				EnableSha512: test.enableSha512,
+				URL:                "",
+				EnableSha256:       test.enableSha256,
+				EnableSha512:       test.enableSha512,
+				ForbidHashFetching: test.forbidHashFetching,
 			}
 			server := httptest.NewTLSServer(testutil.ProviderHandler(&params, test.directoryProvider))
 			defer server.Close()
@ -141,9 +173,10 @@ func TestShaMarking(t *testing.T) {
 			}
 			expected := getRequirementTestData(t,
 				testutil.ProviderParams{
-					URL:          serverURL,
-					EnableSha256: test.enableSha256,
-					EnableSha512: test.enableSha512,
+					URL:                serverURL,
+					EnableSha256:       test.enableSha256,
+					EnableSha512:       test.enableSha512,
+					ForbidHashFetching: test.forbidHashFetching,
 				},
 				test.directoryProvider)
 			for i, got := range report.Domains[0].Requirements {