github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/pkg/github/hmac_test.go (about)

     1  /*
     2  Copyright 2016 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package github
    18  
    19  import (
    20  	"testing"
    21  )
    22  
// Test fixtures shared by the tests in this file. The secrets below are
// throwaway values that exist only to exercise signature validation.
var (
	// tokens is a YAML document keyed by scope: '*', an organization
	// ('org1'), or a repository ('org2/repo'). Every scope lists two
	// secrets, each with its own created_at timestamp.
	tokens = `
'*':
  - value: abc
    created_at: 2020-10-02T15:00:00Z
  - value: key
    created_at: 2018-10-02T15:00:00Z
'org1':
  - value: abc1
    created_at: 2020-10-02T15:00:00Z
  - value: key1
    created_at: 2018-10-02T15:00:00Z
'org2/repo':
  - value: abc2
    created_at: 2020-10-02T15:00:00Z
  - value: key2
    created_at: 2018-10-02T15:00:00Z
`

	// defaultTokenGenerator hands the tokens fixture to the code under test
	// as raw bytes.
	defaultTokenGenerator = func() []byte { return []byte(tokens) }
)
    44  
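// TestValidatePayload checks ValidatePayload against a table of webhook
// bodies and signature header values, using the secrets supplied by
// defaultTokenGenerator.
//
// The digests of the accepting cases can be reproduced with:
//
//	echo -n 'BODY' | openssl dgst -sha1 -hmac KEY
//
// The rejecting cases include signatures that are well formed ("sha1="
// followed by hex) but do not match the body. Without them every negative
// case is rejected on the header's shape alone, and a validator that never
// compared the digest would still pass.
//
// NOTE(review): only the "sha1=" scheme is exercised here; whether
// ValidatePayload accepts any other scheme is not visible from this file.
func TestValidatePayload(t *testing.T) {
	testcases := []struct {
		name           string
		payload        string
		sig            string
		tokenGenerator func() []byte
		valid          bool
	}{
		{
			name:           "empty payload with a correct signature can pass the check",
			payload:        "{}",
			sig:            "sha1=db5c76f4264d0ad96cf21baec394964b4b8ce580",
			tokenGenerator: defaultTokenGenerator,
			valid:          true,
		},
		{
			name:           "empty payload with a wrong formatted signature cannot pass the check",
			payload:        "{}",
			sig:            "db5c76f4264d0ad96cf21baec394964b4b8ce580",
			tokenGenerator: defaultTokenGenerator,
			valid:          false,
		},
		{
			name:           "empty signature is not valid",
			payload:        "{}",
			sig:            "",
			tokenGenerator: defaultTokenGenerator,
			valid:          false,
		},
		{
			// Constructed value: correct prefix and length, digest of all zeros.
			name:           "well-formed signature with a wrong digest cannot pass the check",
			payload:        "{}",
			sig:            "sha1=0000000000000000000000000000000000000000",
			tokenGenerator: defaultTokenGenerator,
			valid:          false,
		},
		{
			// Constructed value: correct prefix, but the rest is not hex.
			name:           "signature with non-hex characters cannot pass the check",
			payload:        "{}",
			sig:            "sha1=not-a-hex-digest",
			tokenGenerator: defaultTokenGenerator,
			valid:          false,
		},
		{
			name:           "org-level webhook event with a correct signature can pass the check",
			payload:        `{"organization": {"login": "org1"}}`,
			sig:            "sha1=cf2d7e20aa4863abe204a61a8adf53ddaef0b33b",
			tokenGenerator: defaultTokenGenerator,
			valid:          true,
		},
		{
			// Same signature as the org-level case above, but the body has
			// an extra field, so the digest no longer covers what was sent.
			name:           "modified payload with the original signature cannot pass the check",
			payload:        `{"organization": {"login": "org1"}, "action": "opened"}`,
			sig:            "sha1=cf2d7e20aa4863abe204a61a8adf53ddaef0b33b",
			tokenGenerator: defaultTokenGenerator,
			valid:          false,
		},
		{
			name:           "repo-level webhook event with a correct signature can pass the check",
			payload:        `{"repository": {"full_name": "org2/repo"}}`,
			sig:            "sha1=0b5ea8bf5683e4bf89cf900271e1c8a021b4b0b3",
			tokenGenerator: defaultTokenGenerator,
			valid:          true,
		},
		{
			name:           "payload with both repository and organization is considered as a repo-level webhook event",
			payload:        `{"repository": {"full_name": "org2/repo"}, "organization": {"login": "org2"}}`,
			sig:            "sha1=db5ba00c9ed0153322d33decb7ad579401e917f6",
			tokenGenerator: defaultTokenGenerator,
			valid:          true,
		},
	}
	for _, tc := range testcases {
		// One subtest per row, so a failure names the case and the
		// remaining rows still run.
		t.Run(tc.name, func(t *testing.T) {
			res := ValidatePayload([]byte(tc.payload), tc.sig, tc.tokenGenerator)
			if res != tc.valid {
				t.Errorf("Wrong validation for the test %q: expected %t but got %t", tc.name, tc.valid, res)
			}
		})
	}
}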