Initial commit

sources/test/jest/wrapper-validation/checksums.test.ts

@@ -0,0 +1,71 @@
+import * as checksums from '../../../src/wrapper-validation/checksums'
+import nock from 'nock'
+import {afterEach, describe, expect, test, jest} from '@jest/globals'
+
+jest.setTimeout(30000)
+
+test('has loaded hardcoded wrapper jars checksums', async () => {
+  // Sanity check that generated checksums file is not empty and was properly imported
+  expect(checksums.KNOWN_CHECKSUMS.checksums.size).toBeGreaterThan(10)
+  // Verify that checksums of arbitrary versions are contained
+  expect(
+    checksums.KNOWN_CHECKSUMS.checksums.get(
+      '660ab018b8e319e9ae779fdb1b7ac47d0321bde953bf0eb4545f14952cfdcaa3'
+    )
+  ).toEqual(new Set(['4.10.3']))
+  expect(
+    checksums.KNOWN_CHECKSUMS.checksums.get(
+      '28b330c20a9a73881dfe9702df78d4d78bf72368e8906c70080ab6932462fe9e'
+    )
+  ).toEqual(new Set(['6.0-rc-1', '6.0-rc-2', '6.0-rc-3', '6.0', '6.0.1']))
+})
+
+test('fetches wrapper jars checksums', async () => {
+  const validChecksums = await checksums.fetchUnknownChecksums(false, new checksums.WrapperChecksums)
+  expect(validChecksums.size).toBeGreaterThan(10)
+  // Verify that checksum of arbitrary version is contained
+  expect(
+    validChecksums.has(
+      // Checksum for version 6.0
+      '28b330c20a9a73881dfe9702df78d4d78bf72368e8906c70080ab6932462fe9e'
+    )
+  ).toBe(true)
+})
+
+test('fetches wrapper jar checksums for snapshots', async () => {
+  const nonSnapshotChecksums = await checksums.fetchUnknownChecksums(false, new checksums.WrapperChecksums)
+  const validChecksums = await checksums.fetchUnknownChecksums(true, new checksums.WrapperChecksums)
+
+  // Expect that at least one snapshot checksum is different from the non-snapshot checksums
+  expect(validChecksums.size).toBeGreaterThan(nonSnapshotChecksums.size)
+})
+
+test('fetches all wrapper checksum URLS for snapshots', async () => {
+  const checksumUrls: string[] = []
+  await checksums.addDistributionSnapshotChecksums(checksumUrls)
+
+  expect(checksumUrls.length).toBeGreaterThan(100) // May only be a few unique checksums
+  console.log(checksumUrls)
+})
+
+describe('retry', () => {
+  afterEach(() => {
+    nock.cleanAll()
+  })
+
+  describe('for /versions/all API', () => {
+    test('retry three times', async () => {
+      nock('https://services.gradle.org', {allowUnmocked: true})
+        .get('/versions/all')
+        .times(3)
+        .replyWithError({
+          message: 'connect ECONNREFUSED 104.18.191.9:443',
+          code: 'ECONNREFUSED'
+        })
+
+      const validChecksums = await checksums.fetchUnknownChecksums(false, new checksums.WrapperChecksums)
+      expect(validChecksums.size).toBeGreaterThan(10)
+      nock.isDone()
+    })
+  })
+})

sources/test/jest/wrapper-validation/find.test.ts

@@ -0,0 +1,12 @@
+import * as path from 'path'
+import * as find from '../../../src/wrapper-validation/find'
+import {expect, test} from '@jest/globals'
+
+test('finds test data wrapper jars', async () => {
+  const repoRoot = path.resolve('./test/jest/wrapper-validation')
+  const wrapperJars = await find.findWrapperJars(repoRoot)
+  expect(wrapperJars.length).toBe(3)
+  expect(wrapperJars).toContain('data/valid/gradle-wrapper.jar')
+  expect(wrapperJars).toContain('data/invalid/gradle-wrapper.jar')
+  expect(wrapperJars).toContain('data/invalid/gradlе-wrapper.jar') // homoglyph
+})

sources/test/jest/wrapper-validation/hash.test.ts

@@ -0,0 +1,12 @@
+import * as path from 'path'
+import * as hash from '../../../src/wrapper-validation/hash'
+import {expect, test} from '@jest/globals'
+
+test('can sha256 files', async () => {
+  const sha = await hash.sha256File(
+    path.resolve('test/jest/wrapper-validation/data/invalid/gradle-wrapper.jar')
+  )
+  expect(sha).toEqual(
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+  )
+})

sources/test/jest/wrapper-validation/validate.test.ts

@@ -0,0 +1,116 @@
+import * as path from 'path'
+import * as fs from 'fs'
+import * as validate from '../../../src/wrapper-validation/validate'
+import {expect, test, jest} from '@jest/globals'
+import { WrapperChecksums } from '../../../src/wrapper-validation/checksums'
+import { ChecksumCache } from '../../../src/wrapper-validation/cache'
+import exp from 'constants'
+
+jest.setTimeout(30000)
+
+const baseDir = path.resolve('./test/jest/wrapper-validation')
+const tmpDir = path.resolve('./test/jest/tmp')
+
+test('succeeds if all found wrapper jars are valid', async () => {
+  const result = await validate.findInvalidWrapperJars(baseDir, false, [
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+  ])
+
+  expect(result.isValid()).toBe(true)
+  // Only hardcoded and explicitly allowed checksums should have been used
+  expect(result.fetchedChecksums).toBe(false)
+
+  expect(result.toDisplayString()).toBe(
+    '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('succeeds if all found wrapper jars are previously valid', async () => {
+  const result = await validate.findInvalidWrapperJars(baseDir, false, [], [
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
+    '3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce'
+  ])
+
+  expect(result.isValid()).toBe(true)
+  // Only hardcoded and explicitly allowed checksums should have been used
+  expect(result.fetchedChecksums).toBe(false)
+
+  expect(result.toDisplayString()).toBe(
+    '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('succeeds if all found wrapper jars are valid (and checksums are fetched from Gradle API)', async () => {
+  const knownValidChecksums = new WrapperChecksums()
+  const result = await validate.findInvalidWrapperJars(
+    baseDir,
+    false,
+    ['e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'],
+    [],
+    knownValidChecksums
+  )
+  console.log(`fetchedChecksums = ${result.fetchedChecksums}`)
+
+  expect(result.isValid()).toBe(true)
+  // Should have fetched checksums because no known checksums were provided
+  expect(result.fetchedChecksums).toBe(true)
+
+  expect(result.toDisplayString()).toBe(
+    '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('fails if invalid wrapper jars are found', async () => {
+  const result = await validate.findInvalidWrapperJars(baseDir, false, [])
+
+  expect(result.isValid()).toBe(false)
+
+  expect(result.valid).toEqual([
+    new validate.WrapperJar(
+      'data/valid/gradle-wrapper.jar',
+      '3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce'
+    )
+  ])
+
+  expect(result.invalid).toEqual([
+    new validate.WrapperJar(
+      'data/invalid/gradle-wrapper.jar',
+      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+    ),
+    new validate.WrapperJar(
+      'data/invalid/gradlе-wrapper.jar', // homoglyph
+      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+    )
+  ])
+
+  expect(result.toDisplayString()).toBe(
+    '✗ Found unknown Gradle Wrapper JAR files:\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradle-wrapper.jar\n' +
+      '  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 data/invalid/gradlе-wrapper.jar\n' + // homoglyph
+      '✓ Found known Gradle Wrapper JAR files:\n' +
+      '  3888c76faa032ea8394b8a54e04ce2227ab1f4be64f65d450f8509fe112d38ce data/valid/gradle-wrapper.jar'
+  )
+})
+
+test('can save and load checksums', async () => {
+  const cacheDir = path.join(tmpDir, 'wrapper-validation-cache')
+  fs.rmSync(cacheDir, {recursive: true, force: true})
+
+  const checksumCache = new ChecksumCache(cacheDir)
+
+  expect(checksumCache.load()).toEqual([])
+
+  checksumCache.save(['123', '456'])
+
+  expect(checksumCache.load()).toEqual(['123', '456'])
+  expect(fs.existsSync(cacheDir)).toBe(true)
+})