MCPcopy Index your code
hub / github.com/codehamr/codehamr / TestApplyRejectsChecksumMismatch

Function TestApplyRejectsChecksumMismatch

internal/update/update_test.go:80–106  ·  view source on GitHub ↗

TestApplyRejectsChecksumMismatch: a binary whose hash doesn't match the manifest must NOT replace the local executable, else a corrupted CDN response or a swapped asset installs whatever bytes arrived.

(t *testing.T)

Source from the content-addressed store, hash-verified

78// manifest must NOT replace the local executable, else a corrupted CDN
79// response or a swapped asset installs whatever bytes arrived.
80func TestApplyRejectsChecksumMismatch(t *testing.T) {
81 asset := platformAsset(t)
82 good := []byte("genuine binary v1\n")
83 tampered := []byte("malicious binary v1\n") // different bytes → different hash
84
85 r := newFakeRelease(t, asset, tampered, hashOf(good))
86 withReleaseURLs(t, r.srv.URL)
87
88 tmpDir := t.TempDir()
89 exec := filepath.Join(tmpDir, "codehamr")
90 if err := os.WriteFile(exec, []byte("original\n"), 0o755); err != nil {
91 t.Fatal(err)
92 }
93 beforeHash := hashOf([]byte("original\n"))
94
95 err := Apply(context.Background(), exec)
96 if err == nil {
97 t.Fatal("Apply must reject a binary that doesn't match the published checksum")
98 }
99 if !strings.Contains(err.Error(), "checksum mismatch") {
100 t.Fatalf("error must explain the mismatch, got: %v", err)
101 }
102 got, _ := os.ReadFile(exec)
103 if hashOf(got) != beforeHash {
104 t.Fatalf("local exec was replaced despite checksum mismatch")
105 }
106}
107
108// TestApplyRestoresBinaryWhenPromoteFails covers the most dangerous failure:
109// the running binary is moved aside to execPath+".old", then the promote

Callers

nothing calls this directly

Calls 6

platformAssetFunction · 0.85
newFakeReleaseFunction · 0.85
hashOfFunction · 0.85
withReleaseURLsFunction · 0.85
ApplyFunction · 0.85
ErrorMethod · 0.80

Tested by

no test coverage detected