Skip to content

Commit

Permalink
Merge pull request #9 from arejula27/validate-checksum
Browse files Browse the repository at this point in the history
Validate checkshum for downloaded files excluding git files
  • Loading branch information
mirkobrombin authored Nov 13, 2023
2 parents ce7f5de + bd12fd8 commit 46df2be
Show file tree
Hide file tree
Showing 3 changed files with 97 additions and 6 deletions.
46 changes: 40 additions & 6 deletions core/resolver.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package core

import (
"crypto/sha256"
"fmt"
"io"
"net/http"
Expand Down Expand Up @@ -58,7 +59,11 @@ func DownloadSource(recipe *Recipe, source Source) error {
if source.Type == "git" {
return DownloadGitSource(recipe, source)
} else if source.Type == "tar" {
return DownloadTarSource(recipe, source)
err := DownloadTarSource(recipe, source)
if err != nil {
return err
}
return checksumValidation(source, filepath.Join(recipe.DownloadsPath, source.Module))
} else {
return fmt.Errorf("unsupported source type %s", source.Type)
}
Expand Down Expand Up @@ -153,23 +158,23 @@ func DownloadGitSource(recipe *Recipe, source Source) error {
// DownloadTarSource downloads a tar archive to the downloads directory
func DownloadTarSource(recipe *Recipe, source Source) error {
fmt.Printf("Source is tar: %s\n", source.URL)

//Create the destination path
dest := filepath.Join(recipe.DownloadsPath, source.Module)

//Download the resource
res, err := http.Get(source.URL)
if err != nil {
return err
}

defer res.Body.Close()

//Create the destination tar file
file, err := os.Create(dest)
if err != nil {
return err
}

//Close the file when the function ends
defer file.Close()

//Copy the response body to the destination file
_, err = io.Copy(file, res.Body)
if err != nil {
return err
Expand Down Expand Up @@ -220,3 +225,32 @@ func MoveSource(recipe *Recipe, source Source) error {
return fmt.Errorf("unsupported source type %s", source.Type)
}
}

// checksumValidation validates the checksum of a file
func checksumValidation(source Source, path string) error {
//No checksum provided
if len(strings.TrimSpace(source.Checksum)) == 0 {
return nil
}
//Open the file
file, err := os.Open(path)
if err != nil {
return err
}
//Close the file when the function ends
defer file.Close()
//Calculate the checksum
checksum := sha256.New()
_, err = io.Copy(checksum, file)
if err != nil {
return fmt.Errorf("could not calculate tar file checksum")
}

//Validate the checksum
if fmt.Sprintf("%x", checksum.Sum(nil)) != source.Checksum {

return fmt.Errorf("tar file checksum doesn't match")
}

return nil
}
56 changes: 56 additions & 0 deletions core/resolver_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
package core_test

import (
"os"
"path/filepath"
"testing"

"github.com/vanilla-os/vib/core"
)

func TestDownloadSource(t *testing.T) {
recipe := &core.Recipe{
DownloadsPath: "/tmp/",
}
source := core.Source{
Type: "tar",
URL: "https://github.com/Vanilla-OS/Vib/archive/refs/tags/v0.3.1.tar.gz",
Module: "example",
Checksum: "d28ab888c7b30fd1cc01e0a581169ea52dfb5bfcefaca721497f82734b6a5a98",
}
err := core.DownloadSource(recipe, source)
if err != nil {
t.Errorf("DownloadSource returned an error: %v", err)
}

// Check if the file was downloaded
dest := filepath.Join(recipe.DownloadsPath, source.Module)
if _, err := os.Stat(dest); os.IsNotExist(err) {
t.Errorf("Downloaded file does not exist: %v", err)
}
defer os.Remove("/tmp/example") // clean up
}

func TestDownloadTarSource(t *testing.T) {
recipe := &core.Recipe{
DownloadsPath: "/tmp/",
}
source := core.Source{
Type: "tar",
URL: "https://github.com/Vanilla-OS/Vib/archive/refs/tags/v0.3.1.tar.gz",
Module: "example",
Checksum: "d28ab888c7b30fd1cc01e0a581169ea52dfb5bfcefaca721497f82734b6a5a98",
}
err := core.DownloadTarSource(recipe, source)
if err != nil {
t.Errorf("DownloadTarSource returned an error: %v", err)
}

// Check if the file was downloaded
dest := filepath.Join(recipe.DownloadsPath, source.Module)
if _, err := os.Stat(dest); os.IsNotExist(err) {
t.Errorf("Downloaded file does not exist: %v", err)
}
defer os.Remove("/tmp/example") // clean up

}
1 change: 1 addition & 0 deletions core/structs.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ type Module struct {

type Source struct {
URL string `json:"url"`
Checksum string `json:"checksum"`
Type string `json:"type"`
Commit string `json:"commit"`
Tag string `json:"tag"`
Expand Down

0 comments on commit 46df2be

Please sign in to comment.