Distinguish tests for checksum mismatch & invalid checksum

rubygems · Aug 22, 2016 · dc2a61c · dc2a61c
1 parent 24dbee0
commit dc2a61c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/lib/bundler/rubygems_gem_installer.rb b/lib/bundler/rubygems_gem_installer.rb
@@ -45,7 +45,7 @@ def checksum_type(checksum)
       case checksum.length
       when 64 then :hexdigest!
       when 44 then :base64digest!
-      else raise InstallError, "The given checksum for #{spec.full_name} is not a valid SHA256 hexdigest nor base64digest"
+      else raise InstallError, "The given checksum for #{spec.full_name} (#{checksum.inspect}) is not a valid SHA256 hexdigest nor base64digest"
       end
     end
   end

diff --git a/spec/install/gems/compact_index_spec.rb b/spec/install/gems/compact_index_spec.rb
@@ -706,10 +706,19 @@ def start
       expect(out).
         to  include("The checksum for the downloaded `rack-1.0.0.gem` did not match the checksum given by the API.").
         and include("This means that the contents of the gem appear to be different from what was uploaded, and could be an indicator of a security issue.").
-        and match(/\(The expected SHA256 checksum was "checksum!", but the checksum for the downloaded gem was ".+?"\.\)/).
+        and match(/\(The expected SHA256 checksum was "#{"ab" * 22}", but the checksum for the downloaded gem was ".+?"\.\)/).
         and include("Bundler cannot continue installing rack (1.0.0).")
     end
 
+    it "raises when the checksum is the wrong length" do
+      install_gemfile <<-G, :artifice => "compact_index_wrong_gem_checksum", :env => { "BUNDLER_SPEC_RACK_CHECKSUM" => "checksum!" }
+        source "#{source_uri}"
+        gem "rack"
+      G
+      expect(exitstatus).to eq(5) if exitstatus
+      expect(out).to include("The given checksum for rack-1.0.0 (\"checksum!\") is not a valid SHA256 hexdigest nor base64digest")
+    end
+
     it "does not raise when disable_checksum_validation is set" do
       bundle! "config disable_checksum_validation true"
       install_gemfile! <<-G, :artifice => "compact_index_wrong_gem_checksum"

diff --git a/spec/support/artifice/compact_index_wrong_gem_checksum.rb b/spec/support/artifice/compact_index_wrong_gem_checksum.rb
@@ -6,9 +6,11 @@
 class CompactIndexWrongGemChecksum < CompactIndexAPI
   get "/info/:name" do
     etag_response do
-      gem = gems.find {|g| g.name == params[:name] }
+      name = params[:name]
+      gem = gems.find {|g| g.name == name }
+      checksum = ENV.fetch("BUNDLER_SPEC_#{name.upcase}_CHECKSUM") { "ab" * 22 }
       versions = gem ? gem.versions : []
-      versions.each {|v| v.checksum = "checksum!" }
+      versions.each {|v| v.checksum = checksum }
       CompactIndex.info(versions)
     end
   end