Tighten up digests file parsing

author Thomas Karpiniec <tom.karpiniec@outlook.com>

Sat, 11 Jun 2022 08:40:20 +0000 (18:40 +1000)

committer Thomas Karpiniec <tom.karpiniec@outlook.com>

Sat, 11 Jun 2022 08:40:20 +0000 (18:40 +1000)
author Thomas Karpiniec <tom.karpiniec@outlook.com>
Sat, 11 Jun 2022 08:40:20 +0000 (18:40 +1000)
committer Thomas Karpiniec <tom.karpiniec@outlook.com>
Sat, 11 Jun 2022 08:40:20 +0000 (18:40 +1000)
diff --git a/src/verify.rs b/src/verify.rs

index 3d92964c8a2182ba7402b1129bc337e717ad0f04..8f0807444614e8b91ddca1914f3348aebb4116dd 100644 (file)
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -159,9 +159,20 @@ where
              // <valid-hash><space><space-or-*><filename>
              let (line_alg, bytes, filename) = match l
                  .find(' ')
-                .and_then(|space_pos| (l.get(0..space_pos)).zip(l.get(space_pos + 2..)))
+                .and_then(|space_pos| {
+                    // Char before filename should be space for text or * for binary
+                    match l.chars().nth(space_pos + 1) {
+                        Some(' ') | Some('*') => (l.get(..space_pos)).zip(l.get(space_pos + 2..)),
+                        _ => None,
+                    }
+                })
                  .and_then(|(maybe_hash, filename)| {
-                    try_parse_hash(maybe_hash).map(|(alg, bytes)| (alg, bytes, filename))
+                    // Filename should be in this position without extra whitespace
+                    if filename.trim() == filename {
+                        try_parse_hash(maybe_hash).map(|(alg, bytes)| (alg, bytes, filename))
+                    } else {
+                        None
+                    }
                  }) {
                  Some(t) => t,
                  None => {
@@ -273,8 +284,6 @@ pub fn verify_hash<'a>(calculated: &Hash, candidates: &'a CandidateHashes) -> Ve
  
  #[cfg(test)]
  mod tests {
-    use std::path::Path;
-
      use super::*;
  
      #[test]
@@ -332,7 +341,7 @@ mod tests {
  
          fe6c26d485a3573a1cb0ad0682f5105325a1905f  shasums";
          let lines = shasums.lines().map(|l| std::io::Result::Ok(l));
-        let path = Path::new("SHASUMS").to_owned();
+        let path = PathBuf::from("SHASUMS");
          let candidates = read_coreutils_digests_from_file(lines, &path);
  
          assert_eq!(
@@ -357,4 +366,20 @@ mod tests {
              })
          );
      }
+
+    #[test]
+    fn test_invalid_shasums() {
+        let no_format = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b cp";
+        let invalid_format = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b .cp";
+        let extra_space = "4b91f7a387a6edd4a7c0afb2897f1ca968c9695b   cp";
+
+        for digest in [no_format, invalid_format, extra_space] {
+            let lines = digest.lines().map(|l| std::io::Result::Ok(l));
+            assert!(
+                read_coreutils_digests_from_file(lines, &PathBuf::from("SHASUMS")).is_none(),
+                "Should be invalid digest: {:?}",
+                digest
+            );
+        }
+    }
  }
author	Thomas Karpiniec <tom.karpiniec@outlook.com>
	Sat, 11 Jun 2022 08:40:20 +0000 (18:40 +1000)
committer	Thomas Karpiniec <tom.karpiniec@outlook.com>
	Sat, 11 Jun 2022 08:40:20 +0000 (18:40 +1000)