Merge unittest into sha-handling

commit 990c74a1a6 Merge: 86d7ce1 7824f3b Author: koplas <pschwabauer@intevation.de> Date: Fri Nov 22 16:58:46 2024 +0100 Merge branch 'sha-handling' into unittest commit 86d7ce13dc Merge: a6807d2 79b8900 Author: koplas <pschwabauer@intevation.de> Date: Fri Nov 22 16:54:45 2024 +0100 Merge branch 'sha-handling' into unittest commit 79b89009dd Author: koplas <pschwabauer@intevation.de> Date: Fri Nov 22 16:31:56 2024 +0100 Improve hash fetching and logging commit a6807d24d6 Merge: ddb5518 d18d2c3 Author: koplas <pschwabauer@intevation.de> Date: Fri Nov 22 16:51:55 2024 +0100 Merge branch 'sha-handling' into unittest commit d18d2c3bf1 Author: koplas <pschwabauer@intevation.de> Date: Fri Nov 22 16:31:56 2024 +0100 Improve hash fetching and logging commit ddb5518c6d Author: koplas <54645365+koplas@users.noreply.github.com> Date: Tue Sep 17 10:45:25 2024 +0200 Extend SHA marking tests commit 13c94f4fa0 Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 20:46:31 2024 +0200 Use temp directory for downloads commit 1819b4896b Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 20:37:55 2024 +0200 Fix rolie feed commit 989e3667ba Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 20:23:22 2024 +0200 Fix provider-metadata.json commit 714735d74a Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 20:08:21 2024 +0200 Implement provider handler commit d488e39947 Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 16:26:37 2024 +0200 Add info about gpg key commit a9bf9da130 Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 16:12:49 2024 +0200 Rename directory testdata commit 6ca6dfee25 Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 16:01:41 2024 +0200 Add initial downloader tests commit 20bee797c6 Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 15:58:31 2024 +0200 Fix: Remove unecessary error print commit 8e4e508073 Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 14:50:48 2024 +0200 Extend links test commit 3ba29f94de Author: koplas <pschwabauer@intevation.de> Date: Mon Sep 16 14:11:14 2024 +0200 Add initial directory feed testdata commit dee55aafd9 Author: koplas <54645365+koplas@users.noreply.github.com> Date: Mon Sep 16 10:47:32 2024 +0200 Add initial testdata commit cd9338ae72 Author: koplas <54645365+koplas@users.noreply.github.com> Date: Thu Sep 12 15:54:42 2024 +0200 Add initial download unittests
2025-12-22 05:40:11 +01:00 · 2024-11-27 12:15:21 +01:00 · 2024-11-27 12:15:21 +01:00 · ffb4eff933
commit ffb4eff933
parent 7824f3b48d
30 changed files with 1115 additions and 4 deletions
--- a/cmd/csaf_aggregator/client_test.go
+++ b/cmd/csaf_aggregator/client_test.go
@ -0,0 +1,67 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
+
+package main
+
+import (
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/csaf-poc/csaf_distribution/v3/util"
+)
+
+func Test_downloadJSON(t *testing.T) {
+	tests := []struct {
+		name        string
+		statusCode  int
+		contentType string
+		wantErr     error
+	}{
+		{
+			name:        "status ok, application/json",
+			statusCode:  http.StatusOK,
+			contentType: "application/json",
+			wantErr:     nil,
+		},
+		{
+			name:        "status found, application/json",
+			statusCode:  http.StatusFound,
+			contentType: "application/json",
+			wantErr:     errNotFound,
+		},
+		{
+			name:        "status ok, application/xml",
+			statusCode:  http.StatusOK,
+			contentType: "application/xml",
+			wantErr:     errNotFound,
+		},
+	}
+
+	t.Parallel()
+	for _, testToRun := range tests {
+		test := testToRun
+		t.Run(test.name, func(tt *testing.T) {
+			tt.Parallel()
+			found := func(r io.Reader) error {
+				return nil
+			}
+			server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				w.Header().Add("Content-Type", test.contentType)
+				w.WriteHeader(test.statusCode)
+			}))
+			defer server.Close()
+			hClient := http.Client{}
+			client := util.Client(&hClient)
+			if gotErr := downloadJSON(client, server.URL, found); gotErr != test.wantErr {
+				t.Errorf("downloadJSON: Expected %q but got %q.", test.wantErr, gotErr)
+			}
+		})
+	}
+}
--- a/cmd/csaf_checker/links_test.go
+++ b/cmd/csaf_checker/links_test.go
@ -10,8 +10,12 @@ package main

 import (
 	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
+
+	"github.com/csaf-poc/csaf_distribution/v3/util"
 )

 const page0 = `<html>
@ -31,7 +35,6 @@ const page0 = `<html>
 </html>`

 func TestLinksOnPage(t *testing.T) {
-
 	var links []string

 	err := linksOnPage(
@ -58,3 +61,78 @@ func TestLinksOnPage(t *testing.T) {
 		}
 	}
 }
+
+func Test_listed(t *testing.T) {
+	tests := []struct {
+		name    string
+		badDirs util.Set[string]
+		path    string
+		want    bool
+	}{
+		{
+			name:    "listed path",
+			badDirs: util.Set[string]{},
+			path:    "/white/avendor-advisory-0004.json",
+			want:    true,
+		},
+		{
+			name:    "badDirs contains path",
+			badDirs: util.Set[string]{"/white/": {}},
+			path:    "/white/avendor-advisory-0004.json",
+			want:    false,
+		},
+		{
+			name:    "not found",
+			badDirs: util.Set[string]{},
+			path:    "/not-found/resource.json",
+			want:    false,
+		},
+		{
+			name:    "badDirs does not contain path",
+			badDirs: util.Set[string]{"/bad-dir/": {}},
+			path:    "/white/avendor-advisory-0004.json",
+			want:    true,
+		},
+		{
+			name:    "unlisted path",
+			badDirs: util.Set[string]{},
+			path:    "/white/avendor-advisory-0004-not-listed.json",
+			want:    false,
+		},
+	}
+
+	t.Parallel()
+	for _, testToRun := range tests {
+		test := testToRun
+		t.Run(test.name, func(tt *testing.T) {
+			tt.Parallel()
+			serverURL := ""
+			fs := http.FileServer(http.Dir("../../testdata/simple-directory-provider"))
+			server := httptest.NewTLSServer(fs)
+			defer server.Close()
+
+			serverURL = server.URL
+
+			hClient := server.Client()
+			client := util.Client(hClient)
+
+			pgs := pages{}
+			cfg := config{RemoteValidator: "", RemoteValidatorCache: ""}
+			p, err := newProcessor(&cfg)
+			if err != nil {
+				t.Error(err)
+			}
+			p.client = client
+
+			badDirs := util.Set[string]{}
+			for dir := range test.badDirs {
+				badDirs.Add(serverURL + dir)
+			}
+
+			got, _ := pgs.listed(serverURL+test.path, p, badDirs)
+			if got != test.want {
+				t.Errorf("%q: Expected %t but got %t.", test.name, test.want, got)
+			}
+		})
+	}
+}
--- a/cmd/csaf_downloader/config.go
+++ b/cmd/csaf_downloader/config.go
@ -44,8 +44,8 @@ const (
 type hashAlgorithm string

 const (
-	algSha256 = hashAlgorithm("SHA256")
-	algSha512 = hashAlgorithm("SHA512")
+	algSha256 = hashAlgorithm("sha256")
+	algSha512 = hashAlgorithm("sha512")
 )

 type config struct {
--- a/cmd/csaf_downloader/downloader.go
+++ b/cmd/csaf_downloader/downloader.go
@ -47,6 +47,7 @@ type hashFetchInfo struct {

 type downloader struct {
 	cfg       *config
+	client    *util.Client // Used for testing
 	keys      *crypto.KeyRing
 	validator csaf.RemoteValidator
 	forwarder *forwarder
@ -131,6 +132,11 @@ func (d *downloader) httpClient() util.Client {

 	client := util.Client(&hClient)

+	// Overwrite for testing purposes
+	if client != nil {
+		client = *d.client
+	}
+
 	// Add extra headers.
 	if len(d.cfg.ExtraHeader) > 0 {
 		client = &util.HeaderClient{
--- a/cmd/csaf_downloader/downloader_test.go
+++ b/cmd/csaf_downloader/downloader_test.go
@ -0,0 +1,218 @@
+// This file is Free Software under the Apache-2.0 License
+// without warranty, see README.md and LICENSES/Apache-2.0.txt for details.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package main
+
+import (
+	"context"
+	"errors"
+	"html/template"
+	"log/slog"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/csaf-poc/csaf_distribution/v3/util"
+)
+
+type ProviderParams struct {
+	URL          string
+	EnableSha256 bool
+	EnableSha512 bool
+}
+
+func ProviderHandler(params *ProviderParams, directoryProvider bool) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		path := "../../testdata/"
+		if directoryProvider {
+			path += "simple-directory-provider"
+		} else {
+			path += "simple-rolie-provider"
+		}
+
+		path += r.URL.Path
+
+		if strings.HasSuffix(r.URL.Path, "/") {
+			path += "index.html"
+		}
+
+		content, err := os.ReadFile(path)
+		if err != nil {
+			w.WriteHeader(http.StatusNotFound)
+			return
+		}
+		switch {
+		case strings.HasSuffix(path, ".html"):
+			w.Header().Add("Content-Type", "text/html")
+		case strings.HasSuffix(path, ".json"):
+			w.Header().Add("Content-Type", "application/json")
+		case strings.HasSuffix(path, ".sha256") && directoryProvider && !params.EnableSha256:
+			w.WriteHeader(http.StatusNotFound)
+			return
+		case strings.HasSuffix(path, ".sha512") && directoryProvider && !params.EnableSha512:
+			w.WriteHeader(http.StatusNotFound)
+			return
+		default:
+			w.Header().Add("Content-Type", "text/plain")
+		}
+
+		tmplt, err := template.New("base").Parse(string(content))
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+		err = tmplt.Execute(w, params)
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+	})
+}
+
+func checkIfFileExists(path string, t *testing.T) bool {
+	if _, err := os.Stat(path); err == nil {
+		return true
+	} else if errors.Is(err, os.ErrNotExist) {
+		return false
+	} else {
+		t.Fatalf("Failed to check if file exists: %v", err)
+		return false
+	}
+}
+
+func TestShaMarking(t *testing.T) {
+	tests := []struct {
+		name              string
+		directoryProvider bool
+		wantSha256        bool
+		wantSha512        bool
+		enableSha256      bool
+		enableSha512      bool
+		preferredHash     hashAlgorithm
+	}{
+		{
+			name:              "want sha256 and sha512",
+			directoryProvider: false,
+			wantSha256:        true,
+			wantSha512:        true,
+			enableSha256:      true,
+			enableSha512:      true,
+		},
+		{
+			name:              "only want sha256",
+			directoryProvider: false,
+			wantSha256:        true,
+			wantSha512:        false,
+			enableSha256:      true,
+			enableSha512:      true,
+			preferredHash:     algSha256,
+		},
+		{
+			name:              "only want sha512",
+			directoryProvider: false,
+			wantSha256:        false,
+			wantSha512:        true,
+			enableSha256:      true,
+			enableSha512:      true,
+			preferredHash:     algSha512,
+		},
+		{
+			name:              "only want sha512",
+			directoryProvider: false,
+			wantSha256:        false,
+			wantSha512:        true,
+			enableSha256:      true,
+			enableSha512:      true,
+			preferredHash:     algSha512,
+		},
+
+		{
+			name:              "only deliver sha256",
+			directoryProvider: false,
+			wantSha256:        true,
+			wantSha512:        false,
+			enableSha256:      true,
+			enableSha512:      false,
+			preferredHash:     algSha512,
+		},
+		{
+			name:              "only want sha256, directory provider",
+			directoryProvider: true,
+			wantSha256:        true,
+			wantSha512:        false,
+			enableSha256:      true,
+			enableSha512:      true,
+			preferredHash:     algSha256,
+		},
+		{
+			name:              "only want sha512, directory provider",
+			directoryProvider: true,
+			wantSha256:        false,
+			wantSha512:        true,
+			enableSha256:      true,
+			enableSha512:      true,
+			preferredHash:     algSha512,
+		},
+	}
+
+	t.Parallel()
+	for _, testToRun := range tests {
+		test := testToRun
+		t.Run(test.name, func(tt *testing.T) {
+			tt.Parallel()
+			serverURL := ""
+			params := ProviderParams{
+				URL:          "",
+				EnableSha256: test.enableSha256,
+				EnableSha512: test.enableSha512,
+			}
+			server := httptest.NewTLSServer(ProviderHandler(&params, test.directoryProvider))
+			defer server.Close()
+
+			serverURL = server.URL
+			params.URL = server.URL
+
+			hClient := server.Client()
+			client := util.Client(hClient)
+
+			tempDir := t.TempDir()
+			cfg := config{LogLevel: &options.LogLevel{Level: slog.LevelDebug}, Directory: tempDir, PreferredHash: test.preferredHash}
+			err := cfg.prepare()
+			if err != nil {
+				t.Fatalf("SHA marking config failed: %v", err)
+			}
+			d, err := newDownloader(&cfg)
+			if err != nil {
+				t.Fatalf("could not init downloader: %v", err)
+			}
+			d.client = &client
+
+			ctx := context.Background()
+			err = d.run(ctx, []string{serverURL + "/provider-metadata.json"})
+			if err != nil {
+				t.Errorf("SHA marking %v: Expected no error, got: %v", test.name, err)
+			}
+			d.close()
+
+			// Check for downloaded hashes
+			sha256Exists := checkIfFileExists(tempDir+"/white/2020/avendor-advisory-0004.json.sha256", t)
+			sha512Exists := checkIfFileExists(tempDir+"/white/2020/avendor-advisory-0004.json.sha512", t)
+
+			if sha256Exists != test.wantSha256 {
+				t.Errorf("%v: expected sha256 hash present to be %v, got: %v", test.name, test.wantSha256, sha256Exists)
+			}
+
+			if sha512Exists != test.wantSha512 {
+				t.Errorf("%v: expected sha512 hash present to be %v, got: %v", test.name, test.wantSha512, sha512Exists)
+			}
+		})
+	}
+}