From b1a76207636a7c312c94344b44546116f31c5641 Mon Sep 17 00:00:00 2001
From: koplas <pschwabauer@intevation.de>
Date: Mon, 16 Dec 2024 12:23:10 +0100
Subject: [PATCH] Extend processor SHA fetching tests

Allow to forbid individual hashes from downloading. This allows to for
testing the behavior, if one of the hashes could not be downloaded.
---
 cmd/csaf_checker/processor_test.go            | 119 +++++++++---------
 internal/testutil/testutil.go                 |  14 ++-
 ...12-forbid-sha256-forbid-sha512-rolie.json} |   0
 3 files changed, 68 insertions(+), 65 deletions(-)
 rename testdata/processor-requirements/{sha256-sha512-forbid-hash-fetching-rolie.json => sha256-sha512-forbid-sha256-forbid-sha512-rolie.json} (100%)

diff --git a/cmd/csaf_checker/processor_test.go b/cmd/csaf_checker/processor_test.go
index 5b0241ef..9e3f112b 100644
--- a/cmd/csaf_checker/processor_test.go
+++ b/cmd/csaf_checker/processor_test.go
@@ -29,8 +29,11 @@ func getRequirementTestData(t *testing.T, params testutil.ProviderParams, direct
 	if params.EnableSha512 {
 		path += "sha512-"
 	}
-	if params.ForbidHashFetching {
-		path += "forbid-hash-fetching-"
+	if params.ForbidSha256 {
+		path += "forbid-sha256-"
+	}
+	if params.ForbidSha512 {
+		path += "forbid-sha512-"
 	}
 	if directoryProvider {
 		path += "directory"
@@ -64,74 +67,68 @@ func getRequirementTestData(t *testing.T, params testutil.ProviderParams, direct
 
 func TestShaMarking(t *testing.T) {
 	tests := []struct {
-		name               string
-		directoryProvider  bool
-		enableSha256       bool
-		enableSha512       bool
-		forbidHashFetching bool
+		name              string
+		directoryProvider bool
+		enableSha256      bool
+		enableSha512      bool
+		forbidSha256      bool
+		forbidSha512      bool
 	}{
 		{
-			name:               "deliver sha256 and sha512",
-			directoryProvider:  false,
-			enableSha256:       true,
-			enableSha512:       true,
-			forbidHashFetching: false,
+			name:              "deliver sha256 and sha512",
+			directoryProvider: false,
+			enableSha256:      true,
+			enableSha512:      true,
 		},
 		{
-			name:               "enable sha256 and sha512, forbid fetching",
-			directoryProvider:  false,
-			enableSha256:       true,
-			enableSha512:       true,
-			forbidHashFetching: true,
+			name:              "enable sha256 and sha512, forbid fetching",
+			directoryProvider: false,
+			enableSha256:      true,
+			enableSha512:      true,
+			forbidSha256:      true,
+			forbidSha512:      true,
 		},
 		{
-			name:               "only deliver sha256",
-			directoryProvider:  false,
-			enableSha256:       true,
-			enableSha512:       false,
-			forbidHashFetching: false,
+			name:              "only deliver sha256",
+			directoryProvider: false,
+			enableSha256:      true,
+			enableSha512:      false,
 		},
 		{
-			name:               "only deliver sha512",
-			directoryProvider:  false,
-			enableSha256:       false,
-			enableSha512:       true,
-			forbidHashFetching: false,
+			name:              "only deliver sha512",
+			directoryProvider: false,
+			enableSha256:      false,
+			enableSha512:      true,
 		},
 		{
-			name:               "deliver sha256 and sha512, directory provider",
-			directoryProvider:  true,
-			enableSha256:       true,
-			enableSha512:       true,
-			forbidHashFetching: false,
+			name:              "deliver sha256 and sha512, directory provider",
+			directoryProvider: true,
+			enableSha256:      true,
+			enableSha512:      true,
 		},
 		{
-			name:               "only deliver sha256, directory provider",
-			directoryProvider:  true,
-			enableSha256:       true,
-			enableSha512:       false,
-			forbidHashFetching: false,
+			name:              "only deliver sha256, directory provider",
+			directoryProvider: true,
+			enableSha256:      true,
+			enableSha512:      false,
 		},
 		{
-			name:               "only deliver sha512, directory provider",
-			directoryProvider:  true,
-			enableSha256:       false,
-			enableSha512:       true,
-			forbidHashFetching: false,
+			name:              "only deliver sha512, directory provider",
+			directoryProvider: true,
+			enableSha256:      false,
+			enableSha512:      true,
 		},
 		{
-			name:               "no hash",
-			directoryProvider:  false,
-			enableSha256:       false,
-			enableSha512:       false,
-			forbidHashFetching: false,
+			name:              "no hash",
+			directoryProvider: false,
+			enableSha256:      false,
+			enableSha512:      false,
 		},
 		{
-			name:               "no hash, directory provider",
-			directoryProvider:  true,
-			enableSha256:       false,
-			enableSha512:       false,
-			forbidHashFetching: false,
+			name:              "no hash, directory provider",
+			directoryProvider: true,
+			enableSha256:      false,
+			enableSha512:      false,
 		},
 	}
 
@@ -142,10 +139,11 @@ func TestShaMarking(t *testing.T) {
 			tt.Parallel()
 			serverURL := ""
 			params := testutil.ProviderParams{
-				URL:                "",
-				EnableSha256:       test.enableSha256,
-				EnableSha512:       test.enableSha512,
-				ForbidHashFetching: test.forbidHashFetching,
+				URL:          "",
+				EnableSha256: test.enableSha256,
+				EnableSha512: test.enableSha512,
+				ForbidSha256: test.forbidSha256,
+				ForbidSha512: test.forbidSha512,
 			}
 			server := httptest.NewTLSServer(testutil.ProviderHandler(&params, test.directoryProvider))
 			defer server.Close()
@@ -173,10 +171,11 @@ func TestShaMarking(t *testing.T) {
 			}
 			expected := getRequirementTestData(t,
 				testutil.ProviderParams{
-					URL:                serverURL,
-					EnableSha256:       test.enableSha256,
-					EnableSha512:       test.enableSha512,
-					ForbidHashFetching: test.forbidHashFetching,
+					URL:          serverURL,
+					EnableSha256: test.enableSha256,
+					EnableSha512: test.enableSha512,
+					ForbidSha256: test.forbidSha256,
+					ForbidSha512: test.forbidSha512,
 				},
 				test.directoryProvider)
 			for i, got := range report.Domains[0].Requirements {
diff --git a/internal/testutil/testutil.go b/internal/testutil/testutil.go
index e933742a..c7bad68b 100644
--- a/internal/testutil/testutil.go
+++ b/internal/testutil/testutil.go
@@ -18,10 +18,11 @@ import (
 
 // ProviderParams configures the test provider.
 type ProviderParams struct {
-	URL                string
-	EnableSha256       bool
-	EnableSha512       bool
-	ForbidHashFetching bool
+	URL          string
+	EnableSha256 bool
+	EnableSha512 bool
+	ForbidSha256 bool
+	ForbidSha512 bool
 }
 
 // ProviderHandler returns a test provider handler with the specified configuration.
@@ -50,7 +51,10 @@ func ProviderHandler(params *ProviderParams, directoryProvider bool) http.Handle
 			w.Header().Add("Content-Type", "text/html")
 		case strings.HasSuffix(path, ".json"):
 			w.Header().Add("Content-Type", "application/json")
-		case (strings.HasSuffix(path, ".sha256") || strings.HasSuffix(path, ".sha512")) && params.ForbidHashFetching:
+		case (strings.HasSuffix(path, ".sha256")) && params.ForbidSha256:
+			w.WriteHeader(http.StatusForbidden)
+			return
+		case strings.HasSuffix(path, ".sha512") && params.ForbidSha512:
 			w.WriteHeader(http.StatusForbidden)
 			return
 		case strings.HasSuffix(path, ".sha256") && directoryProvider && !params.EnableSha256:
diff --git a/testdata/processor-requirements/sha256-sha512-forbid-hash-fetching-rolie.json b/testdata/processor-requirements/sha256-sha512-forbid-sha256-forbid-sha512-rolie.json
similarity index 100%
rename from testdata/processor-requirements/sha256-sha512-forbid-hash-fetching-rolie.json
rename to testdata/processor-requirements/sha256-sha512-forbid-sha256-forbid-sha512-rolie.json