Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Record validation fails on invalid hash algorithm names #178

Open
dimbleby opened this issue Apr 8, 2023 · 0 comments · May be fixed by #179
Open

Record validation fails on invalid hash algorithm names #178

dimbleby opened this issue Apr 8, 2023 · 0 comments · May be fixed by #179
Labels
component: records Related to installer.records type: bug A confirmed bug or unintended behavior

Comments

@dimbleby
Copy link
Contributor

dimbleby commented Apr 8, 2023
edited
Loading

as encountered in the wild with swat 1.12.1 and reported at python-poetry/poetry#7778 - RECORDS contains lines like

swat-1.12.1.dist-info/METADATA,sha=c2717134222c10492eaaea1040f6d2b1cd077054f1e7e4ea4f8b1cc48498282f,7737

which (among other things wrong with it) says sha where it means sha256.

Current behaviour is an uncaught ValueError from hashlib.new()

Here's a testcase:

    def test_rejects_record_containing_unknown_hash(self, fancy_wheel):
        with WheelFile.open(fancy_wheel) as source:
            record_file_contents = source.read_dist_info("RECORD")

        new_record_file_contents = record_file_contents.replace("sha256=", "sha=")
        replace_file_in_zip(
            fancy_wheel,
            filename="fancy-1.0.0.dist-info/RECORD",
            content=new_record_file_contents,
        )

        with WheelFile.open(fancy_wheel) as source:
            with pytest.raises(
                WheelFile.validation_error,
                match="RECORD file contains invalid hash algorithm `sha`",
            ):
                source.validate_record(validate_contents=True)

but it's not clear to me where would be the cleanest place to detect or catch this error so I have no fix to offer

Edit: changed my mind, #179
@dimbleby dimbleby linked a pull request Apr 8, 2023 that will close this issue
Open
@pradyunsg pradyunsg changed the title record validation fails on invalid hashes Record validation fails on invalid hash algorithm names May 3, 2023
@Secrus Secrus added type: bug A confirmed bug or unintended behavior component: records Related to installer.records labels Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component: records Related to installer.records type: bug A confirmed bug or unintended behavior
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cope with invalid hash algorithms in RECORD dimbleby/installer
2 participants
@dimbleby @Secrus