Add swizzler method to just change the checksum by adding a space.

Signed-off-by: Ying Li <ying.li@docker.com>
2026-04-12 06:19:22 +07:00 · 2016-01-21 09:48:07 -08:00
parent e0b507bfc2
commit a969db7a13
2 changed files with 47 additions and 0 deletions
--- a/tuf/testutils/swizzler.go
+++ b/tuf/testutils/swizzler.go
@@ -123,6 +123,18 @@ func (m *MetadataSwizzler) SetInvalidJSON(role string) error {
 	return m.MetadataCache.SetMeta(role, metaBytes[5:])
 }

+// AddExtraSpace adds an extra space to the beginning and end of the serialized
+// JSON bytes, which should not affect serialization, but will change the checksum
+// of the file.
+func (m *MetadataSwizzler) AddExtraSpace(role string) error {
+	metaBytes, err := m.MetadataCache.GetMeta(role, maxSize)
+	if err != nil {
+		return err
+	}
+	newBytes := append(append([]byte{' '}, metaBytes...), ' ')
+	return m.MetadataCache.SetMeta(role, newBytes)
+}
+
 // SetInvalidSigned corrupts the metadata into something that is valid JSON,
 // but not unmarshallable into signed JSON
 func (m *MetadataSwizzler) SetInvalidSigned(role string) error {
--- a/tuf/testutils/swizzler_test.go
+++ b/tuf/testutils/swizzler_test.go
@@ -5,6 +5,7 @@ package testutils

 import (
 	"bytes"
+	"crypto/sha256"
 	"encoding/json"
 	"reflect"
 	"testing"
@@ -95,6 +96,40 @@ func TestSwizzlerSetInvalidJSON(t *testing.T) {
 	}
 }

+// This adds a single byte of whitespace to the metadata file, so it should be parsed
+// and deserialized the same way, but checksums against snapshot/timestamp may fail
+func TestSwizzlerAddExtraSpace(t *testing.T) {
+	f, origMeta := createNewSwizzler(t)
+
+	f.AddExtraSpace(data.CanonicalTargetsRole)
+
+	snapshot := &data.SignedSnapshot{}
+	require.NoError(t, json.Unmarshal(origMeta[data.CanonicalSnapshotRole], snapshot))
+
+	for role, metaBytes := range origMeta {
+		newMeta, err := f.MetadataCache.GetMeta(role, maxSize)
+		require.NoError(t, err)
+
+		if role != data.CanonicalTargetsRole {
+			require.True(t, bytes.Equal(metaBytes, newMeta), "bytes have changed for role %s", role)
+		} else {
+			require.False(t, bytes.Equal(metaBytes, newMeta))
+			require.True(t, bytes.Equal(metaBytes, newMeta[1:len(metaBytes)+1]))
+			require.Equal(t, byte(' '), newMeta[0])
+			require.Equal(t, byte(' '), newMeta[len(newMeta)-1])
+
+			// make sure the hash is not the same as the hash in snapshot
+			newHash := sha256.Sum256(newMeta)
+			require.False(t, bytes.Equal(
+				snapshot.Signed.Meta[data.CanonicalTargetsRole].Hashes["sha256"],
+				newHash[:]))
+			require.NotEqual(t,
+				snapshot.Signed.Meta[data.CanonicalTargetsRole].Length,
+				len(newMeta))
+		}
+	}
+}
+
 // This modifies metdata so that it is unmarshallable as JSON, but cannot be
 // unmarshalled as a Signed object
 func TestSwizzlerSetInvalidSigned(t *testing.T) {