Bugfix/backport chef16 checksum validation (#13322)

* Add a case-insensitive helper to determine if two checksums match Signed-off-by: Joseph Larionov <jlarionov@webmd.net> * Use case-insensitive checksum match helper for checksum validation This fixes a bug where checksum validation fails because the two checksums are in different letter cases. The existing checksum validation logic was using case sensitive equality checks. Signed-off-by: Joseph Larionov <jlarionov@webmd.net> Signed-off-by: Joseph Larionov <jlarionov@webmd.net>
author: Joseph Larionov <30190605+decoyjoe@users.noreply.github.com> 2023-01-10 04:24:53 -0800
committer: GitHub <noreply@github.com> 2023-01-10 17:54:53 +0530
commit: 72f85d8a8a6a135ccb84a1c3b19e63fb1fe79046 (patch)
tree: 8ea5cb322deee47abf2df4d023942dd8b9660faf
parent: edb790dfde56f4137ed83d7a2d94a85d30fdd062 (diff)
download: chef-72f85d8a8a6a135ccb84a1c3b19e63fb1fe79046.tar.gz
4 files changed, 37 insertions, 3 deletions
diff --git a/lib/chef/mixin/checksum.rb b/lib/chef/mixin/checksum.rb
index 083e524d63..10ecac0b36 100644
--- a/lib/chef/mixin/checksum.rb
+++ b/lib/chef/mixin/checksum.rb
@@ -31,6 +31,12 @@ class Chef
 
         checksum.slice(0, 6)
       end
+
+      def checksum_match?(ref_checksum, diff_checksum)
+        return false if ref_checksum.nil? || diff_checksum.nil?
+
+        ref_checksum.casecmp?(diff_checksum)
+      end
     end
   end
 end
diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb
index fa77015153..08e67fb69b 100644
--- a/lib/chef/provider/file.rb
+++ b/lib/chef/provider/file.rb
@@ -334,7 +334,7 @@ class Chef
       end
 
       def do_validate_content
-        if new_resource.checksum && tempfile && ( new_resource.checksum != tempfile_checksum )
+        if new_resource.checksum && tempfile && !checksum_match?(new_resource.checksum, tempfile_checksum)
           raise Chef::Exceptions::ChecksumMismatch.new(short_cksum(new_resource.checksum), short_cksum(tempfile_checksum))
         end
 
@@ -448,7 +448,7 @@ class Chef
 
       def contents_changed?
         logger.trace "calculating checksum of #{tempfile.path} to compare with #{current_resource.checksum}"
-        tempfile_checksum != current_resource.checksum
+        !checksum_match?(tempfile_checksum, current_resource.checksum)
       end
 
       def tempfile
diff --git a/lib/chef/provider/package/windows.rb b/lib/chef/provider/package/windows.rb
index c722d8222c..f2fe3c4025 100644
--- a/lib/chef/provider/package/windows.rb
+++ b/lib/chef/provider/package/windows.rb
@@ -38,7 +38,7 @@ class Chef
         def define_resource_requirements
           if new_resource.checksum
             requirements.assert(:install) do |a|
-              a.assertion { new_resource.checksum == checksum(source_location) }
+              a.assertion { checksum_match?(new_resource.checksum, checksum(source_location)) }
               a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})"
             end
           end
diff --git a/spec/unit/mixin/checksum_spec.rb b/spec/unit/mixin/checksum_spec.rb
index e8fb1ed4dc..9c1e19769d 100644
--- a/spec/unit/mixin/checksum_spec.rb
+++ b/spec/unit/mixin/checksum_spec.rb
@@ -51,4 +51,32 @@ describe Chef::Mixin::Checksum do
     end
   end
 
+  describe "checksum_match?" do
+    context "when checksum cases match" do
+      it "returns true" do
+        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
+      end
+    end
+
+    context "when one checksum is uppercase and other is lowercase" do
+      it "returns true" do
+        expect(@checksum_user.checksum_match?("U7GHBXIKK3I9BLSIMMY2Y2IONMXX", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
+      end
+    end
+
+    context "when checksums do not match" do
+      it "returns false" do
+        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "09ee9c8cc70501763563bcf9c218")).to be false
+      end
+    end
+
+    context "when checksum is nil" do
+      it "returns false" do
+        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", nil)).to be false
+        expect(@checksum_user.checksum_match?(nil, "09ee9c8cc70501763563bcf9c218")).to be false
+        expect(@checksum_user.checksum_match?(nil, nil)).to be false
+      end
+    end
+  end
+
 end
author	Joseph Larionov <30190605+decoyjoe@users.noreply.github.com>	2023-01-10 04:24:53 -0800
committer	GitHub <noreply@github.com>	2023-01-10 17:54:53 +0530
commit	72f85d8a8a6a135ccb84a1c3b19e63fb1fe79046 (patch)
tree	8ea5cb322deee47abf2df4d023942dd8b9660faf
parent	edb790dfde56f4137ed83d7a2d94a85d30fdd062 (diff)
download	chef-72f85d8a8a6a135ccb84a1c3b19e63fb1fe79046.tar.gz