diff options
| author | John McCrae <john.mccrae@progress.com> | 2023-05-09 12:32:37 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-09 15:32:37 -0400 |
| commit | c8d4fbc8c58bd252037a95e47b84e1467c3b8533 (patch) | |
| tree | dcc7ea665eb73a4877ff79a5d9cc976229bfc54e | |
| parent | 14c8b28ab3003f158a246432c3a63ff3e9d27091 (diff) | |
| download | chef-c8d4fbc8c58bd252037a95e47b84e1467c3b8533.tar.gz | |
[chef-17] 25 of X - Backport Checksum Validation (#13750)
Signed-off-by: John <john.mccrae@progress.com>
| -rw-r--r-- | lib/chef/mixin/checksum.rb | 6 | ||||
| -rw-r--r-- | lib/chef/provider/file.rb | 4 | ||||
| -rw-r--r-- | lib/chef/provider/package/windows.rb | 2 | ||||
| -rw-r--r-- | spec/unit/mixin/checksum_spec.rb | 28 |
4 files changed, 37 insertions, 3 deletions
diff --git a/lib/chef/mixin/checksum.rb b/lib/chef/mixin/checksum.rb index 083e524d63..10ecac0b36 100644 --- a/lib/chef/mixin/checksum.rb +++ b/lib/chef/mixin/checksum.rb @@ -31,6 +31,12 @@ class Chef checksum.slice(0, 6) end + + def checksum_match?(ref_checksum, diff_checksum) + return false if ref_checksum.nil? || diff_checksum.nil? + + ref_checksum.casecmp?(diff_checksum) + end end end end diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb index 4ac86a6c8a..02611af4eb 100644 --- a/lib/chef/provider/file.rb +++ b/lib/chef/provider/file.rb @@ -336,7 +336,7 @@ class Chef end def do_validate_content - if new_resource.checksum && tempfile && ( new_resource.checksum != tempfile_checksum ) + if new_resource.checksum && tempfile && !checksum_match?(new_resource.checksum, tempfile_checksum) raise Chef::Exceptions::ChecksumMismatch.new(short_cksum(new_resource.checksum), short_cksum(tempfile_checksum)) end @@ -450,7 +450,7 @@ class Chef def contents_changed? logger.trace "calculating checksum of #{tempfile.path} to compare with #{current_resource.checksum}" - tempfile_checksum != current_resource.checksum + !checksum_match?(tempfile_checksum, current_resource.checksum) end def tempfile diff --git a/lib/chef/provider/package/windows.rb b/lib/chef/provider/package/windows.rb index 4350eb6d12..5581469062 100644 --- a/lib/chef/provider/package/windows.rb +++ b/lib/chef/provider/package/windows.rb @@ -38,7 +38,7 @@ class Chef def define_resource_requirements if new_resource.checksum requirements.assert(:install) do |a| - a.assertion { new_resource.checksum == checksum(source_location) } + a.assertion { checksum_match?(new_resource.checksum, checksum(source_location)) } a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})" end end diff --git a/spec/unit/mixin/checksum_spec.rb b/spec/unit/mixin/checksum_spec.rb index e8fb1ed4dc..9c1e19769d 100644 --- a/spec/unit/mixin/checksum_spec.rb +++ b/spec/unit/mixin/checksum_spec.rb @@ -51,4 +51,32 @@ describe Chef::Mixin::Checksum do end end + describe "checksum_match?" do + context "when checksum cases match" do + it "returns true" do + expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true + end + end + + context "when one checksum is uppercase and other is lowercase" do + it "returns true" do + expect(@checksum_user.checksum_match?("U7GHBXIKK3I9BLSIMMY2Y2IONMXX", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true + end + end + + context "when checksums do not match" do + it "returns false" do + expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "09ee9c8cc70501763563bcf9c218")).to be false + end + end + + context "when checksum is nil" do + it "returns false" do + expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", nil)).to be false + expect(@checksum_user.checksum_match?(nil, "09ee9c8cc70501763563bcf9c218")).to be false + expect(@checksum_user.checksum_match?(nil, nil)).to be false + end + end + end + end |